CVE-2021-36560

Pratikkhalane
2 min read · Sep 21, 2021


Authentication Bypass of the Admin Panel

👨🏼‍💻Discovered by Pratik Khalane

📄Vulnerable version: 1.0

🔗Vendor Homepage: https://www.sourcecodester.com/

Bug Description:

An attacker can bypass the login page and reach the dashboard of the admin panel directly.

Steps to Reproduce:

1. Go to the login page of the online SMS admin panel.

(Screenshot: login page)

2. There are two ways to bypass the page:

i) Using tools: directory brute-forcing with the DirBuster wordlist reveals a dashboard.php page that leads straight into the admin panel.

ii) Without using tools:

Step 1: Press Ctrl + U to view the page source.

(Screenshot: page source)

Step 2: The form action shows that the login form submits to the Exlogin.php page.

(Screenshot: ExLogin.php)

Step 3: This gives us the location that can be visited directly to bypass the admin panel login.

(Screenshot: dashboard)
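The root cause described above is a protected page that can be requested without a verified session. As an added mitigation example (not the project's code), the guard below is what pages such as dashboard.php must run before emitting any output; the `$_SESSION['admin_id']` key, the `login.php` page name and the `password_hash` column are assumptions.

```php
<?php
// Added example, not the project's code. Assumptions: the login handler
// (Exlogin.php on the page) stores the verified admin's id in
// $_SESSION['admin_id']; the login page is login.php; the admin row carries
// a password_hash column produced by password_hash().
declare(strict_types=1);

// auth_guard.php -- require_once this at the very top of each protected page,
// before any HTML is sent.
function require_admin_session(string $loginPage = 'login.php'): void
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
    // No verified login in this session: redirect and stop. The exit matters:
    // without it PHP still sends the rest of the page after the Location header,
    // so the dashboard content would reach an unauthenticated client anyway.
    if (empty($_SESSION['admin_id'])) {
        header('Location: ' . $loginPage, true, 302);
        exit;
    }
}

// Hardened shape of the login handler: only a verified password may set
// admin_id, and the session id is regenerated so an id issued before login
// cannot be reused once the session becomes privileged.
function complete_admin_login(array $adminRow, string $submittedPassword): bool
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
    if (!password_verify($submittedPassword, $adminRow['password_hash'])) {
        return false;
    }
    session_regenerate_id(true);
    $_SESSION['admin_id'] = (int) $adminRow['id'];
    return true;
}

// dashboard.php (and every other admin page) then begins with:
//   require_once __DIR__ . '/auth_guard.php';
//   require_admin_session();
```

Requesting dashboard.php directly with this guard in place yields a 302 to the login page and no dashboard content, which is the behaviour to verify when retesting the fix.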
