new way to bypass admin login



Guys today i will tell you a trick to bypass admin login (in custom sites only)
Its a new idea that came in my mind, may be someone had that before
1st get an Admin Login page (by google dorks or whatever)
Now here we know that what actually happens when username and passwords matches ?
Session is started and thus the user can access all other pages in admin panel
In some cases the Developer uses the session check on login page only (i.e. login.php)
When username and passwords are correct then he is redirected to other page (i.e. main.php or home.php)
For example this is the site to login
http://victim.com/admin/login.php
If username and password is correct the user is redirected to
http://victim.com/admin/home.php
OR
http://victim.com/admin/main.php

Now here if you directly go to this link (without logging in)

http://victim.com/admin/home.php
OR
http://victim.com/admin/main.php
and there is no session check on home.php or main.php then you can see the admin contents Wink
Also you can directly try these links too
edit.php
index.php
upload.php
admin_main.php
admin_home.php
And all other links that came in your mind

Post a Comment

Previous Post Next Post