11 matches found
YAFNET: Pre-Handler Authorization Bypass on Admin Pages Enables Blind SQL Execution via `/Admin/RunSql`
Issue Details: YAFNET's only admin authorization gate is PageSecurityCheckAttribute, implemented as a ResultFilterAttribute that runs after the page handler completes rather than before it. No other gate exists. Any admin OnPost… handler therefore executes its side effects before the filter...
CVE-2025-55734
flaskBlog is a blog app built with Flask. In 2.8.0 and earlier, the code checks if the userRole is "admin" only when visiting the /admin page, but not when visiting its subroutes. Specifically, only the file routes/adminPanel.py checks the user role when a user is trying to access the admin page,...
CVE-2019-9884
eClass platform ip.2.5.10.2.1 allows an attacker to use GETS method to request /admin page to bypass the password validation and access management page...
Imrokraft Solutions CMS Admin Page ByPass Vulnerability
Exploit for php platform in category web applications Exploit Title : Imrokraft Solutions CMS Admin Page ByPass Exploit Author : xBADGIRL21 Dork : intext:"Designed by Imrokraft Solutions" or intext:"Powered By : Imrokraft Solutions" Vendor : http://www.imrokraft.com/ Tested on: Windows...
The Realm / Dashgum Software CMS Admin Page ByPass Vulnerability
Exploit for php platform in category web applications Exploit Title : The Realm / Dashgum Software CMS Admin Page ByPass Exploit Author : xBADGIRL21 version The Realm : 1.0.1 version Dashgum : v2 Vendor : http://www.bluthemes.com/item/realm - http://gridgum.com/themes/dashgum-bootstrap-dashboard/...
SMEweb 1.5f Cross Site Scripting / SQL Injection
Exploit Title : SMEweb 1.5f Multiple Vulnerability Exploit Author : Persian Hack Team Vendor Homepage : http://www.ebizzi.net/ Google Dork : "Powered by SMEweb" Date: 2016/02/07 Version: 1.5f PoC: 1-Admin Page Bypass Username : '=''or' Password : '=''or' Demo :...
SuperCheapCallSltd SQL Injection
| \ | / /| | | / || \ | D | \ | || o || | | / | |\ || / || || | | | \ | |/ \ || | || || | | | . \ | |\ || | || | || | | ||||||||||||||| Exploit name: SuperCheapCallSltd admin page bypass Google dork: Make one by yourself ! Exploit author: Risman Tested on: Linux Security Risk : High Category:...
A1 Creation SQL Injection
| \ | / /| | | / || \ | D | \ | || o || | | / | |\ || / || || | | | \ | |/ \ || | || || | | | . \ | |\ || | || | || | | ||||||||||||||| Exploit name: A1 Creation admin page bypass Google dork: Make one by yourself ! Exploit author: Risman Tested on: Linux Security Risk : Category: Web...
Apex Software House SQL Injection
| \ | / /| | | / || \ | D | \ | || o || | | / | |\ || / || || | | | \ | |/ \ || | || || | | | . \ | |\ || | || | || | | ||||||||||||||| Exploit name: Apex Software House admin page bypass Google dork: Make one by yourself ! Exploit author: Risman Tested on: Linux Security Risk : High Category:...
The Formula Group SQL Injection
============================================ Exploit Title : The Formula Group Auth bypass Google Dork : intext:"WEB DESIGN BY THE FORMULA" Date : 2011-2-10 Author : nGa Sa Lu GaNgst3r Service Link : http://www.theformula.co.za/index.phptheform Tested on : Vista Platform : asp...
CyberScribe SQL-I & (admin) Auth ByPass Vulnerability
Exploit for php platform in category web applications 1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0 0 1 1 /' \ /'\ /\ \ /'\ 0 0 /, \ /\/\ \ \ \ \ ,/\ /\ \ 1 1 //\ \ /' \ /\ //\ Exploit database separated by exploit 0 0 // type local, remote, DoS, etc. 1 1 1 0 +...