2daybiz Businesscard Script suffers from a remote SQL injection vulnerability that allows for authentication bypass.
d68b18ba195b5c9a5d14026b580f1fdf6ac3e255a69f7db8fd3feda02aee1336
# Exploit Title: 2daybiz Businesscard Script Authentication bypass
# Date: 14th july 2010
# Author: D4rk357
#Critical:high
#contact:d4rk357[at]yahoo[dot]in
# Software Link:http://www.2daybiz.com/products/businesscard/index.php
Greetz to :b0nd, Fbih2s,rockey killer,The empty(), punter,eberly,prashant
Shoutz to : http://www.garage4hackers.com/forum.php , h4ck3r.in and all ICW members
##############################################################################
2daybiz Businesscard Login Form Suffers from authentication bypass .
String used for authentication bypass is "a or 1=1" in username and password fields
and it yeilds login .
#################################################################################