PRE DYNAMIC INSTITUTION WEB authentication bypass

vendor:

DYNAMIC INSTITUTION WEB

by:

D4rk357

7.5

CVSS

HIGH

Authentication Bypass

287

CWE

Product Name: DYNAMIC INSTITUTION WEB

Affected Version From:

Affected Version To:

Patch Exists: NO

Related CWE:

CPE: preproject.com/uniweb.asp

Metasploit:

Other Scripts:

Platforms Tested:

2010

PRE DYNAMIC INSTITUTION WEB authentication bypass

The exploit allows an attacker to bypass the authentication process on the PRE DYNAMIC INSTITUTION WEB software. By entering 'admin' as the username and '' or '1'='1' as the password on the login page, the attacker can gain unauthorized access to the system.

Mitigation:

The vendor should release a patch or update to fix the authentication bypass vulnerability. In the meantime, users are advised to implement strong passwords and limit access to the software.

Source

Exploit-DB raw data:

#################################################################
# Exploit Title: PRE DYNAMIC INSTITUTION WEB authentication bypass

# Date: 16th july 2010

# Author: D4rk357

#Critical:high

#contact:d4rk357[at]yahoo[dot]in

Price : 150$

# Software Link:http://preproject.com/uniweb.asp
 
Greetz to :b0nd, Fbih2s,Beenu,rockey killer,The empty(), punter,eberly,prashant

Shoutz to : http://www.garage4hackers.com/forum.php , h4ck3r.in and  all ICW members
 
##############################################################################
Exploit : On login page put admin and usename and ' or '1'='1 as password . 
you will be logged into the system

 ##################################################################################
 #D4rk357