header-logo
Suggest Exploit
vendor:
Social Community Script
by:
L0rd CrusAd3r
7,5
CVSS
HIGH
Authentication Bypass
89
CWE
Product Name: Social Community Script
Affected Version From: 1
Affected Version To: 1
Patch Exists: NO
Related CWE: N/A
CPE: 2daybiz/social_community
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2010

Social Community Script SQL Vulnerable

2daybiz Social Community site php script is an online social networking software that allows you to start your own site just like Myspace, Hi5 and Facebook. This community script allows members to connect people in their personal networks and create a new online interactive resource that is based on a trusted network of friends and associates on the internet. The Provided Script as Sqli Vulnerability in Admin Login page. Use the string a' or '1'='1 for Username and Password to gain access.

Mitigation:

Ensure that user input is properly validated and sanitized before being used in SQL queries.
Source

Exploit-DB raw data:

1               ##########################################             1
0               I'm L0rd CrusAd3r member from Inj3ct0r Team            1
1               ##########################################             0
0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=1
Author: L0rd CrusAd3r aka VSN [crusader_hmg@yahoo.com]
Exploit Title:Social Community Script SQL Vulnerable 
Vendor url:http://www.2daybiz.com/
Version:1
Price:250$
Published: 2010-06-22
Greetz to:r0073r (inj3ct0r.com), Sid3^effects, MaYur, MA1201, M4n0j, Sonic Bluehat.
Special Greetz: Topsecure.net, inj3ct0r Team , Andhrahackers.com
Shoutzz:- To all ICW members.
~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~
Description:

2daybiz Social Community site php script is an online social networking software that allows you to start your own site just like Myspace, Hi5 and Facebook. This community script allows members to connect people in their personal networks and create a new online interactive resource that is based on a trusted network of friends and associates on the internet.

~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~
Vulnerability:

*Authentication Bypass found

The Provided Script as Sqli Vulnerability in Admin Login page

DEMO URL:

http://server/socialcommunity/admin/index.php

Use the string a' or '1'='1 for Username and Password to gain access.


# 0day n0 m0re #
# L0rd CrusAd3r #

Navigation

Suggest Exploit

Services By CQR