Unified conference system universal password vulnerability-vulnerability warning-the black bar safety net

ID MYHACK58:62201130370
Type myhack58
Reporter 佚名
Modified 2011-05-07T00:00:00


Vulnerability description: the Unified conference system(the Unified Council Systems)there is a serious administrator authentication bypass vulnerability, if not fix the vulnerability, an attacker using a simple or=or you can break through the background verification of the limit, the consequences are quite serious.

Vulnerability type: sql injection, the Universal password, the background bypass vulnerability......

Google keywords: intext:"Unified Council. All rights reserved."

Vulnerability test:




[+]Username : 1'Or '1'='1

[+]Password : 1'Or '1'='1