2DayBiz Businesscard Script - Authentication Bypass

EDB-ID:

14357

CVE:



Author:

D4rk357

Type:

webapps


Platform:

PHP

Date:

2010-07-14


# Exploit Title: 2daybiz Businesscard Script Authentication bypass
# Date: 14th july 2010
# Author: D4rk357
#Critical:high
#contact:d4rk357[at]yahoo[dot]in
# Software Link:http://www.2daybiz.com/products/businesscard/index.php

Greetz to :b0nd, Fbih2s,rockey killer,The empty(), punter,eberly,prashant
Shoutz to : http://www.garage4hackers.com/forum.php , h4ck3r.in and  all ICW members

##############################################################################

2daybiz Businesscard Login Form Suffers from authentication bypass .
String used for authentication bypass is "a or 1=1" in username and password fields 
and it yeilds login .

#################################################################################