Obaidullah Sulaimankhil Improper Authentication Vulnerability

2019.03.03
Risk: Medium
Local: No
Remote: Yes
CVE: N/A

####################################################################
# Exploit Title : Obaidullah Sulaimankhil Improper Authentication Vulnerability
# Author [ Discovered By ] : KingSkrupellos
# Team : Cyberizm Digital Security Army
# Date : 03/03/2019
# Vendor Homepage / Social Media : facebook.com/obaidullah.sulaimankhil
# Tested On : Windows and Linux
# Category : WebApps
# Exploit Risk : High
# Vulnerability Type : CWE-287 [ Improper Authentication ]
#                      CWE-592 [ Authentication Bypass Issues ]
#                      CWE-305 [ Authentication Bypass by Primary Weakness ]
#                      CWE-288 [ Authentication Bypass Using an Alternate Path or Channel ]
#                      CWE-302 [ Authentication Bypass by Assumed-Immutable Data ]
# PacketStormSecurity : packetstormsecurity.com/files/authors/13968
# CXSecurity : cxsecurity.com/author/KingSkrupellos/1/
# Exploit4Arab : exploit4arab.org/author/351/KingSkrupellos
####################################################################

# Information about Software and Owner :
************************************
Obaidullah SulaimanKhil is a web developer in Afghanistan who developed a script under his own name, Obaidullah Software, for Afghan government websites.

####################################################################

# Impact :
**********
* When an actor claims to have a given identity, the software does not prove, or insufficiently proves, that the claim is correct.
* The authentication algorithm is sound, but the implemented mechanism can be bypassed as the result of a separate weakness that is primary to the authentication error.
* The product requires authentication, but it has an alternate path or channel that does not require authentication.
* The authentication scheme or implementation uses key data elements that are assumed to be immutable, but that can be controlled or modified by the attacker.

####################################################################

# Authentication Bypass Exploit :
*****************************

Admin Panel Login Path :
***********************
/Pages/AdminLogin.aspx

Admin username : admin
Admin password : admin

Usable Admin Control Panel Links :
********************************
/Pages/frmWelcomeMessageAdmin.aspx
/Pages/HistoryOfDMTVETAdmin.aspx
/Pages/AboutDMTVETAdmin.aspx
/Pages/HEDMAdmin.aspx
/Pages/frmStaffAdmin.aspx
/Pages/frmCeoMessageAdmin.aspx
/Pages/frmSliderAdmin.aspx
/Pages/frmDMTVETStructureAdmin.aspx
/Pages/frmDMTVETReport.aspx
/Pages/frmArticlesAdmin.aspx
/Pages/frmVisionAdmin.aspx
/Pages/frmPresentationsAdmin.aspx
/Pages/frmInterviewsAdmin.aspx
/Pages/frmAlbumAdmin.aspx
/Pages/frmNewsAdmin.aspx
/Pages/frmOthersAdmin.aspx
/Pages/frmContactUsAdmin.aspx

####################################################################
# Discovered By KingSkrupellos from Cyberizm.Org Digital Security Team
####################################################################
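Added example (editor's illustration, not code from the advisory or from Obaidullah Software): the two weaknesses the advisory combines are a factory-default admin credential (CWE-287) and admin pages that are reachable as an alternate path without a session (CWE-288/CWE-302). The gate below shows the server-side fix for both: every page under /Pages/ except the login form is denied unless a live session exists, the request path is canonicalized before the decision (IIS matches paths case-insensitively, so a literal string compare would not be reliable), and provisioning refuses a default or trivial admin credential. The /Pages/ layout and the login path are taken from the advisory; the password policy, hashing parameters and the in-memory credential store are constructed assumptions.

```python
import hashlib
import hmac
import os
import posixpath
from dataclasses import dataclass
from typing import Dict, Optional, Tuple
from urllib.parse import unquote, urlsplit

# Assumed layout (from the advisory's link list): admin pages live under /Pages/
# and only the login form must stay reachable without a session. Everything
# else under /Pages/ is denied by default, so a new admin page can never become
# an unauthenticated "alternate path" (CWE-288) by omission.
ADMIN_AREA_PREFIX = "/pages/"
LOGIN_PATH = "/pages/adminlogin.aspx"
PUBLIC_PATHS = {LOGIN_PATH}

# Constructed policy: the advisory documents admin/admin; the "password may not
# equal the username" and minimum-length rules are added hardening assumptions.
KNOWN_DEFAULT_PAIRS = {("admin", "admin")}
MIN_PASSWORD_LENGTH = 12
PBKDF2_ROUNDS = 100_000  # constructed value; tune to your hardware


def normalize_path(raw_url: str) -> str:
    """Canonicalize a request path before any access decision (CWE-302:
    the raw path is attacker-controlled, not immutable data)."""
    path = urlsplit(raw_url).path            # drop query string and fragment
    path = unquote(path)                      # %66 -> f, %2F -> /, ...
    path = "/" + path.lstrip("/")             # exactly one leading slash
    path = posixpath.normpath(path)           # collapse // and resolve ..
    return path.lower()                       # IIS/ASP.NET is case-insensitive


def requires_authentication(raw_url: str) -> bool:
    path = normalize_path(raw_url)
    return path.startswith(ADMIN_AREA_PREFIX) and path not in PUBLIC_PATHS


@dataclass
class Session:
    username: str
    authenticated: bool = False


def authorize(raw_url: str, session: Optional[Session]) -> Tuple[int, str]:
    """Return (status, location): 200 with the canonical path, or a 302 to the
    login form for any admin page requested without an authenticated session."""
    path = normalize_path(raw_url)
    if requires_authentication(raw_url) and not (session and session.authenticated):
        return 302, LOGIN_PATH
    return 200, path


def hash_password(password: str, salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    return salt, digest


def verify_password(password: str, salt: bytes, expected: bytes) -> bool:
    _, digest = hash_password(password, salt)
    return hmac.compare_digest(digest, expected)   # constant-time compare


def is_default_credential(username: str, password: str) -> bool:
    """Reject the documented default pair and trivially guessable variants."""
    user = username.strip().lower()
    return ((user, password.lower()) in KNOWN_DEFAULT_PAIRS
            or password.lower() == user
            or len(password) < MIN_PASSWORD_LENGTH)


def build_admin_store(username: str, password: str) -> Dict[str, Tuple[bytes, bytes]]:
    """Provisioning step: refuse to create the admin account with a default
    or weak credential (CWE-287 fix happens here, before the app ever runs)."""
    if is_default_credential(username, password):
        raise ValueError("refusing to provision a default or weak admin credential")
    return {username.strip().lower(): hash_password(password)}


def login(username: str, password: str,
          store: Dict[str, Tuple[bytes, bytes]]) -> Optional[Session]:
    record = store.get(username.strip().lower())
    if record is None:
        hash_password(password, b"\x00" * 16)  # same cost for unknown users
        return None
    salt, digest = record
    if not verify_password(password, salt, digest):
        return None
    return Session(username=username.strip().lower(), authenticated=True)


if __name__ == "__main__":
    store = build_admin_store("admin", "correct horse battery staple 2019")
    print(authorize("/Pages/frmNewsAdmin.aspx", None))              # (302, login)
    print(authorize("/PAGES/%66rmNewsAdmin.aspx?x=1", None))        # still 302
    session = login("admin", "correct horse battery staple 2019", store)
    print(authorize("/Pages/frmNewsAdmin.aspx", session))           # (200, ...)
```

The decision is made on the canonical path and is deny-by-default for the whole admin area, so adding a seventeenth admin page does not require remembering to protect it; the provisioning check fails closed, which is what prevents an admin/admin install from ever reaching production.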


Copyright 2024, cxsecurity.com