Techbrightsolutions - Sql Injection/Admin Panel Bypass

2024.02.02
tr root9ext (TR) tr
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: N/A

TITLE: Techbrightsolutions - Sql Injection/Admin Panel Bypass
# Exploit Author: Onur Kara (root9ext)
# Service Provider: TechbrightSolutions
# Vulnerable URL: /Admin/login.aspx
# Dork: "by TechbrightSolutions" "login"
# Vulnerability Type: SQL Bypass
# Severity: Critical

Vulnerability Description:
During a recent penetration test conducted by TechbrightSolutions, a critical SQL injection vulnerability was discovered in the Admin Panel login functionality of TechbrightSolutions' application code. The vulnerability allows an attacker to bypass authentication controls and execute arbitrary SQL queries, potentially leading to unauthorized access and data compromise.

Proof of Concept (PoC):
URLs:
- http://kolencheryfamilytrust.org/Admin/login.aspx
- http://vivacards.in/Admin/AdminLogin.aspx
- https://globaljobs24.com/AdminLogin.aspx

1. Visit the admin login page, typically located at: http://kolencheryfamilytrust.org/Admin/login.aspx
2. Input the following payload in the username and password fields:
   ' or 1=1 --
   ' or 1=1 --
3. Submit the form.
4. Observe that the admin panel is accessible without redirection, indicating successful authentication bypass.

# Disclaimer: This PoC is for educational purposes only. Unauthorized access to systems or applications is illegal.

Contact Telegram: @rootninext
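The root cause of the bypass described above is a login query built by string concatenation, which lets a quote in the username end the string literal and the trailing `--` comment out the password check. The following is an added example (not the vendor's code and not from the advisory) that reproduces the defect against a constructed in-memory SQLite table, using the advisory's own payload, and shows the parameterized query that closes it; the table and column names are assumptions.

```python
import sqlite3


def make_db():
    """Constructed stand-in for the application's admin table (names assumed)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE admins (username TEXT, password TEXT)")
    conn.execute("INSERT INTO admins VALUES ('admin', 'S3cret!')")
    return conn


def login_vulnerable(conn, username, password):
    """Concatenated query: user input becomes part of the SQL text.

    With the advisory's payload the query degrades to
      SELECT COUNT(*) FROM admins WHERE username = '' or 1=1 -- ...
    and the password predicate is commented out entirely.
    """
    sql = ("SELECT COUNT(*) FROM admins WHERE username = '" + username
           + "' AND password = '" + password + "'")
    return conn.execute(sql).fetchone()[0] > 0


def login_parameterized(conn, username, password):
    """Placeholders: values travel separately from the query text, so the
    same payload is compared as a literal string and never parsed as SQL."""
    sql = "SELECT COUNT(*) FROM admins WHERE username = ? AND password = ?"
    return conn.execute(sql, (username, password)).fetchone()[0] > 0


def check(login_fn, username, password):
    """Run one login function against a fresh copy of the constructed table."""
    return login_fn(make_db(), username, password)


# Payload exactly as given in the advisory, used in both fields.
PAYLOAD = "' or 1=1 -- "

if __name__ == "__main__":
    print("vulnerable, valid creds    :", check(login_vulnerable, "admin", "S3cret!"))
    print("vulnerable, payload        :", check(login_vulnerable, PAYLOAD, PAYLOAD))
    print("parameterized, valid creds :", check(login_parameterized, "admin", "S3cret!"))
    print("parameterized, payload     :", check(login_parameterized, PAYLOAD, PAYLOAD))
```

The concatenated version accepts the payload without knowing any credential, while the parameterized version rejects it and still accepts the real ones; storing a password hash instead of the plaintext would be the next fix, but it does not affect the injection itself.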



Copyright 2024, cxsecurity.com
