Ordius IT Solutions Bypass Admin

2019.03.30

L4663r666h05t (ID)

Risk: Medium

Local: No

Remote: Yes

CVE: N/A

CWE: N/A

Dork: "Designed By . Ordius IT Solutions Pvt. Ltd."

#############################
# Exploit Title: Ordius IT Solutions Bypass Admin
# Google Dork: "Designed By . Ordius IT Solutions Pvt. Ltd." 
# Discovered By: L4663r666h05t - PhantomGhost

################
# Vendor Homepage: N/A
# Software Link: https://www.ordiusits.com/
# Version: Any Version
# Tested on: Windows 10 x64

#############################
Where is the admin login? you must find picture on PRODUCT IMAGE OR SOME OFFER ON VICTIM WEBSITE.
Right click & open in new tab. 

For Live Target:
http://sbasket.in/

If you found an image
http://sbasket.in/shubh-basket/images/productimages/lakmelotion.jpg
delete the "images/productimages/image.jpg"
so you just take http://sbasket.in/shubh-basket/
Thats the admin login, random admin login

Fill the username & password box with '=' 'or' to bypass admin.

Impact:
The attacker can upload a backdoor & malware.
The attacker can change a image without a legal permission.

Thanks to: PhantomGhost - Xwizx404 - Mr.Vendetta_404 - LCR999X - Panjul Dot ID - SPEEDY-03 - ./r0cky_n00bs - K1D2ZON3

See this note in RAW Version

Vote for this issue:

100%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

Ordius IT Solutions Bypass Admin

Dork: "Designed By . Ordius IT Solutions Pvt. Ltd."

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.