SAUDI SOFTECH Admin Login Page Bypass | Upload shell access

2017.06.15
ir Ormazd (IR) ir
Risk: Low
Local: No
Remote: Yes
CVE: N/A
CWE: N/A

########################## # Exploit Title: SAUDI SOFTECH Admin Login Page Bypass | Upload shell access # Google Dork : intext:"Designed By: SAUDI SOFTECH (MST)" # Date:2017-06-14 # Discovered By: Ormazd # We Are Iranian Anonymous # Home: Iranonymous.org # Version: all # Tested on : Win 10 ########################## ## DP ## Install NoRedirect Plugin to FireFox Add your target url to NoRedirect plugin and pervent Redirect than you can use : target.com/panel/users.php ---> to add or remove or edit user target.com/panel/pages.php ---> to add or remove or edit pages target.com/panel/file.php ---> to add or remove or edit files ( you can upload shell :D ) ############################ Demo: http://www.und-ksa.com/panel/ http://www.madicc.org/panel/ http://www.tisco.com.sa/panel/ http://www.speetech.net/panel/ ... ############################# #Thanks to : MR.Khatar ||Turk-Khan || Blackwolf_Iran ||ll_azab-siyah_ll ||Sh@d0w ||Hellish_PN (mamad khodesh) ||Shdmehr || And All Of Iranian Anonymous . # Discovered By: Ormazd


Vote for this issue:
100%
0%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2018, cxsecurity.com

 

Back to Top