Bazaargan CMS Bypass Login Page Vulnerability

Published
Credit
Risk
2017.02.21
Ashiyane Digital Security Team
Medium
CWE
CVE
Local
Remote
N/A
N/A
No
Yes
Dork: intext:"طراحی و برنامه نویسی سیستم | Bazaargan.ir"

|=============================================================|
|
|-------------------In The Name Of God------------------------|
|
| Exploit Title : Bazaargan CMS Bypass Login Vulnerability
|
| Exploit Author : Ashiyane Digital Security Team
|
| Google Dork : intext:"طراحی و برنامه نویسی سیستم | Bazaargan.ir"
| intext:"طراحی و برنامه نویسی توسط گروه طراحی وب سایت بازارگان"
| Tested on : Win 7
|
| Date : 2/17/2017
|
| Vendor HomePage : www.bazaargan.ir
|
|======================================|
|
| Tutorial :
|
| Search The Dork Or Go To Vendor HomePage And Select Your Target
| Then Go To Admin Panel At : /admin/login.php If Exist
| And Open Noredirect Add-Ons And Click On "Add"
| Paste The Target With ^ Character : ^Target
| At Last Change Url To : site/admin/index.php
| Upload Your Shell And Enjoy !
|
|=============================================================|
| Discovered By : ZeroDay , Special Tnx 2 : Ehsan Cod3r <3
|=============================================================|


See this note in RAW Version

 
Bugtraq RSS
Bugtraq
 
CVE RSS
CVEMAP
 
REDDIT
REDDIT
 
DIGG
DIGG
 
LinkedIn
LinkedIn


Copyright 2017, cxsecurity.com