CVE-2021-36560
Authentication Bypass of The Admin Panel.
👨🏼💻Discovered by Pratik Khalane
📄Vulnerable version: 1.0
🔗Vendor Homepage: https://www.sourcecodester.com/
Bug Description:
An attacker can easily bypass the login page to get into the dashboard of the admin panel.
Steps to Reproduce:
1. Go to the admin panel of the online SMS login page.
2. There are two ways to bypass the page:
i) Using tools: Brute-force the directory with the DirBuster wordlist. This reveals a dashboard.php page that leads straight to the admin panel.
ii) Without using tools:
Step 1: Press Ctrl + U to view the website's source code.
Step 2: As you can see, the form action points to the Exlogin.php page.
Step 3: As you can see, this gives us a location that we can attempt to visit to bypass the admin panel.
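To check a server's access log for this behaviour, the added example below (not part of the original advisory) flags every 200 response on dashboard.php sent to a client that never posted to Exlogin.php beforehand. It assumes the Apache/Nginx combined log format, treats the client IP as the session identity, and uses a constructed sample log; the /admin/ prefix and the addresses are placeholders.

```python
import re

# Apache/Nginx "combined" format (assumed): client, timestamp, request, status.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)
LOGIN_ACTION = "/Exlogin.php"    # form action named in the advisory
PROTECTED = ("/dashboard.php",)  # page named in the advisory

# Constructed sample log; the IPs and the /admin/ prefix are assumptions.
SAMPLE_LOG = """\
198.51.100.7 - - [10/Jul/2021:10:00:01 +0000] "GET /admin/index.php HTTP/1.1" 200 1820 "-" "Mozilla/5.0"
198.51.100.7 - - [10/Jul/2021:10:00:09 +0000] "POST /admin/Exlogin.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"
198.51.100.7 - - [10/Jul/2021:10:00:10 +0000] "GET /admin/dashboard.php HTTP/1.1" 200 5312 "-" "Mozilla/5.0"
203.0.113.9 - - [10/Jul/2021:10:05:12 +0000] "GET /admin/dashboard.php HTTP/1.1" 200 5312 "-" "Mozilla/5.0"
203.0.113.20 - - [10/Jul/2021:10:07:40 +0000] "GET /admin/dashboard.php?x=1 HTTP/1.1" 302 0 "-" "Mozilla/5.0"
"""


def find_unauthenticated_hits(log_text):
    """Return (ip, path, timestamp) for every 200 response on a protected
    page sent to a client that never submitted the login form before it."""
    submitted_login = set()  # client IPs seen POSTing to the login action
    findings = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        path = m["path"].split("?", 1)[0]  # ignore the query string
        if m["method"] == "POST" and path.endswith(LOGIN_ACTION):
            # Heuristic: the log cannot show whether the login succeeded.
            submitted_login.add(m["ip"])
        elif (path.endswith(PROTECTED) and m["status"] == "200"
              and m["ip"] not in submitted_login):
            findings.append((m["ip"], path, m["ts"]))
    return findings


if __name__ == "__main__":
    for ip, path, ts in find_unauthenticated_hits(SAMPLE_LOG):
        print(f"{ts} {ip} got 200 on {path} without a prior login POST")
```

An application that enforces a session check on dashboard.php answers such requests with a redirect or an error instead of 200, so the function returns an empty list for its log.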