Ordius IT Solutions Bypass Admin

2019.03.30
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: N/A

############################# # Exploit Title: Ordius IT Solutions Bypass Admin # Google Dork: "Designed By . Ordius IT Solutions Pvt. Ltd." # Discovered By: L4663r666h05t - PhantomGhost ################ # Vendor Homepage: N/A # Software Link: https://www.ordiusits.com/ # Version: Any Version # Tested on: Windows 10 x64 ############################# Where is the admin login? you must find picture on PRODUCT IMAGE OR SOME OFFER ON VICTIM WEBSITE. Right click & open in new tab. For Live Target: http://sbasket.in/ If you found an image http://sbasket.in/shubh-basket/images/productimages/lakmelotion.jpg delete the "images/productimages/image.jpg" so you just take http://sbasket.in/shubh-basket/ Thats the admin login, random admin login Fill the username & password box with '=' 'or' to bypass admin. Impact: The attacker can upload a backdoor & malware. The attacker can change a image without a legal permission. Thanks to: PhantomGhost - Xwizx404 - Mr.Vendetta_404 - LCR999X - Panjul Dot ID - SPEEDY-03 - ./r0cky_n00bs - K1D2ZON3


Vote for this issue:
0%
100%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2019, cxsecurity.com

 

Back to Top