Linux Optic Web Design and development- Login Bypass


I am posting my exploit Linux Optic Web Design and development- Login Bypass which has got CVS (Critical Vulnerability Scaling) of 8.1 out of 10.

# Exploit Title: Direct login to admin panel without entering password
# Google Dork: Design by 2009
# Date: 2015-07-10
# Exploit Author: Aaditya Purani
# Vendor Homepage:
# Software Link: No software link
# Version: 2009 Web admin login panel
# Tested on: Kali Linux/ Windows 7
# CVE : Critical Vulnerability

This is Aaditya purani and i have found a critical bug in websites which has been designed by Linuxoptic.
First type the dork "Design by 2009" in google without Double quotes(").

Then after find the site in which their is written Design by 2009 in the footer

Now, go to it's admin page

After opening the admin panel . Follow this link

And voila you will be directly login into the admin panel and you can also upload your backdoor and deface.


It's admin panel :

Directly login to admin panel :

Thank you

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s