I MurderSkillz from www.g00ns.net have found a auth bypass vulnerability in Schooltools Site Builder - Educator Edition (Possibly other versions). The vulnerability takes place in admin.asp. I believe what http://schooltools.us does is they host their customers and they all have http://sites.schooltools.us/sites/[ACCOUNT]/admin.asp Of course u can do a website spider to get these other folders/websites cause if you put in http://sites.schooltools.us/sites/ you get access denied. Vuln found by MurderSkillz - g00ns.net HTML coded by uid0 - exploitercode.com Shoutz to all the g00ns and the ppl who fucking hate us =) <---Start HTML--->
www.exploitercode.com - www.g00ns.net
Schooltools Site Builder - Educator Edition (Possibly other versions)
Orignal exploit by MurderSkillz and uid0
To have this exploit work, edit the post action under the [ACCOUNT] brackets.