Exploit Title : ------------------ Beheshti Univercity Of Iran HTTP Authentication over Unencrypted Vulnerability Exploit Author : -------------------- 4TT4CK3R Tested on : -------------- Windows , Kali linux Date : -------- 2016/03/2 Risk : -------- High HomePage : --------------- http://www.sbu.ac.ir Resource : ------------- /_catalogs/masterpage Request : ------------ GET /_catalogs/masterpage Description : -------------- We discovered a resource requiring HTTP authentication. This resource was available over HTTP. If a user were to authenticate to this resource over HTTP, the supplied credentials would be sent in cleatrtext and be vulnerable to eavesdropping. HTTPS will prevent unauthorized disclosure of HTTP authentication credentials.