2daybiz Businesscard Script Authentication bypass

[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]

# Title : 2daybiz Businesscard Script Authentication bypass
# Published : 2010-07-14
# Author : D4rk357
# Previous Title : Zenphoto CMS 1.3 Multiple CSRF Vulnerabilities
# Next Title : BS Scripts Directory (info.php) SQL Injection Vulnerability

# Exploit Title: 2daybiz Businesscard Script Authentication bypass
# Date: 14th july 2010
# Author: D4rk357
#Critical:high
#contact:d4rk357[at]yahoo[dot]in
# Software Link:http://www.2daybiz.com/products/businesscard/index.php

Greetz to :b0nd, Fbih2s,rockey killer,The empty(), punter,eberly,prashant
Shoutz to : http://www.garage4hackers.com/forum.php , h4ck3r.in and  all ICW members

##############################################################################

2daybiz Businesscard Login Form Suffers from authentication bypass .
String used for authentication bypass is "a or 1=1" in username and password fields 
and it yeilds login .

#################################################################################