###################### # Exploit Title : Tuninfoforyou - Weak Password Vulnerability # Exploit Author : Persian Hack Team # Vendor Homepage : http://www.tuninfoforyou.com/ # Category: [ Webapps ] # Tested on: [ Win ] # Version: 2 And 2.5 # Date: 2016/05/20 ###################### # # PoC: # Login Page : /reservation/admin/ And /b2b/admin/ # User and Password = admin # # Demo : # http://www.etsw-ltd.com/b2b/admin/login.php # http://www.voyageair.net/b2b/admin/login.php # http://www.mehditours.com/b2b/admin/login.php # http://www.b-ltravel.com/reservation/admin/admMenu.php # http://www.gourayatours.com//reservation/admin/login.php # ###################### # Discovered by : Mojtaba MobhaM (kazemimojtaba@live.com) # Greetz : T3NZOG4N , FireKernel, Milad Hacking & And All Persian Hack Team Members # Homepage : persian-team.ir ######################