Friends in War Make or Break 1.7 - Authentication Bypass

2017-07-25 15:05:20

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

[x] Type: Admin login bypass via SQLi

[x] Vendor: http://software.friendsinwar.com/

[x] Script Name: Make or Break

[x] Script Version: 1.7

[x] Script DL: http://software.friendsinwar.com/downloads.php?cat_id=2&file_id=9

[x] Author: Anarchy Angel

[x] Mail: anarchy[dot]<a class="__cf_email__" href="/cdn-cgi/l/email-protection" data-cfemail="8cede2ebbfbdccebe1ede5e0">[email protected]</a><script data-cfhash='f9e31' type="text/javascript">/* <![CDATA[ */!function(t,e,r,n,c,a,p){try{t=document.currentScript||function(){for(t=document.getElementsByTagName('script'),e=t.length;e--;)if(t[e].getAttribute('data-cfhash'))return t[e]}();if(t&&(c=t.previousSibling)){p=t.parentNode;if(a=c.getAttribute('data-cfemail')){for(e='',r='0x'+a.substr(0,2)|0,n=2;a.length-n;n+=2)e+='%'+('0'+('0x'+a.substr(n,2)^r).toString(16)).slice(-2);p.replaceChild(document.createTextNode(decodeURIComponent(e)),c)}p.removeChild(t)}}catch(u){}}()/* ]]> */</script>[dot]com

[x] More info: https://aahideaway.blogspot.com/

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Navigate to scripts admin login page and submit admin' or ''='-- for username

and it should give you access to the admin area. A quick release to
kick off DefCon festivities. See you there! Enjoy >:)

Fixes

No fixes

In order to submit a new fix you need to be registered.