Pre webhost System authentication bypass

vendor:

Pre webhost System

by:

D4rk357

7.5

CVSS

HIGH

Authentication Bypass

287

CWE

Product Name: Pre webhost System

Affected Version From:

Affected Version To:

Patch Exists: NO

Related CWE:

CPE:

Metasploit:

Other Scripts:

Platforms Tested:

2010

Pre webhost System authentication bypass

On the login page, entering 'admin' as the username and '' or '1'='1' as the password allows the attacker to bypass authentication and gain access to the system.

Mitigation:

Implement proper input validation and parameterization to prevent SQL injection vulnerabilities.

Source

Exploit-DB raw data:

#################################################################
# Exploit Title: Pre webhost System authentication bypass

# Date: 16th july 2010

# Author: D4rk357

#Critical:high

#contact:d4rk357[at]yahoo[dot]in

Price : 150$

# Software Link:http://preproject.com/preweb.asp
 
Greetz to :b0nd, Fbih2s,Beenu,rockey killer,The empty(), punter,eberly,prashant

Shoutz to : http://www.garage4hackers.com/forum.php , h4ck3r.in and  all ICW members
 
##############################################################################
Exploit : On login page put admin and usename and ' or '1'='1 as password . 
you will be logged into the system

 ##################################################################################
 #D4rk357