bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
exploit-db-mirror/exploits/php/webapps/18467.txt
Offensive Security d304cc3d3e DB: 2017-11-24 
116602 new exploits

Too many to list!
2017-11-24 20:56:23 +00:00

33 lines
No EOL
1.1 KiB
Text
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

# Exploit Title: XRayCMS 1.1.1 SQL Injection Vulnerability
# Date: 2/5/2012
# Author: chap0
# Software Link: http://sourceforge.net/projects/xraycms/files/latest/download
# Version: 1.1.1
# Tested on: Ubuntu
XRay CMS is vulnerable to a SQL Injection attack which allows
authentication bypass into the admins account. If a malicious
user supplies ' or 1=1# into the applications user name field
they will be logged into the applications admin account.
Jan 29, 2012 Contacted Vendor No Response
Feb 05, 2012 Public Disclosure
Since the vendor did not reply we attempted to create our own
fixes for this issue. The vulnerability exist in “login2.php”
on lines 20 and 21.
17 if(!isset($_POST['username'])) header("Location: login.php?error_username");
18 if(!isset($_POST['password'])) header("Location: login.php?error_password");
19
20 $user = $_POST['username'];
21 $pass = $_POST['password'];
If the lines 20 and 21 are changed to:
$user = mysql_real_escape_string($_POST['username']);
$pass = mysql_real_escape_string($_POST['password']);
This will prevent the sql injection from happening in the user name field.
Reference in a new issue View git blame Copy permalink