PhpMyLogon SQL Injection - exploit.company
Vendor: PhpMyLogon
By: Blake
CVSS: 9 (CRITICAL)
Type: SQL Injection
CWE: 89
Product Name: PhpMyLogon
Affected Version From: 2
Affected Version To: 2
Patch Exists: NO
Platforms Tested: Windows XP SP3
Year: 2010

PhpMyLogon SQL Injection

The PhpMyLogon application is vulnerable to SQL injection. By manipulating the username field during the login process, an attacker can bypass authentication and gain unauthorized access to the application. The vulnerable code retrieves user information from the database with a SQL query that is built by concatenating user-supplied input into the query string, without sanitization or parameterization, so an attacker can inject SQL statements. The vulnerability can be exploited by entering a specially crafted username, such as blake'  or '1'='1' #, which causes the query to return all records from the database, effectively bypassing the authentication check. This allows the attacker to log in as any user without knowing their password.

Mitigation:

To mitigate this vulnerability, the application should use parameterized queries or prepared statements to handle user input. This keeps user-supplied data separate from the SQL statement, so it is never interpreted as SQL, and prevents SQL injection attacks. Additionally, the application should implement strong authentication mechanisms, such as using secure password hashing algorithms and enforcing password complexity requirements. Regular security testing and code review should also be performed to identify and address any potential vulnerabilities.
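The parameterized lookup described above, as an added example (not PhpMyLogon code and not part of the original advisory). It assumes PDO with the in-memory SQLite driver so it runs offline, a constructed `users` table, and passwords stored with password_hash(); find_user and login are hypothetical names.

```php
<?php
// Added example, not PhpMyLogon code. Assumptions: PDO + SQLite in memory,
// a constructed `users` table, passwords stored with password_hash().

function find_user(PDO $db, string $table, string $username): ?array
{
    // Identifiers cannot be bound as parameters, so the configured table
    // name is validated strictly before it is interpolated.
    if (!preg_match('/^[A-Za-z0-9_]+$/', $table)) {
        throw new InvalidArgumentException('invalid table name');
    }
    // The username travels as a bound value and is never parsed as SQL.
    $stmt = $db->prepare(
        "SELECT id, username, password FROM `$table` WHERE username = :u LIMIT 1"
    );
    $stmt->execute([':u' => $username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

function login(PDO $db, string $table, string $username, string $password): bool
{
    if ($username === '' || $password === '') {
        return false;
    }
    $user = find_user($db, $table, $username);
    // A matching row alone is not enough: the stored hash must verify.
    return $user !== null && password_verify($password, $user['password']);
}

// Constructed sample data for the demonstration.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password TEXT)');
$ins = $db->prepare('INSERT INTO users (username, password) VALUES (?, ?)');
$ins->execute(['admin', password_hash('correct horse', PASSWORD_DEFAULT)]);

// Legitimate credentials.
var_dump(login($db, 'users', 'admin', 'correct horse'));
// Username from the proof of concept on this page: it is compared as a
// literal string, matches no row, and the login is rejected.
var_dump(login($db, 'users', "blake'  or '1'='1' #", 'anything'));
```

With the MySQL PDO driver, also set PDO::ATTR_EMULATE_PREPARES to false so the statement is prepared by the server rather than assembled client-side.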

Exploit-DB raw data:

# Exploit Title: PhpMyLogon SQL Injection
# Date: March 14, 2010
# Author: Blake
# Software Link: http://sourceforge.net/projects/phpmylogon/files/PhpMyLogon/PhpMyLogon%202/phpmylogon2.zip/download
# Version: 2
# Tested on: Windows XP SP3


Proof of Concept:
Enter the following for the username to login as the first user:
blake'  or '1'='1' #
and anything for the password.

Vulnerable Code:
        if(isset($_POST['submit'])) {
            if($_POST['username'] != "" AND $_POST['password'] != "") {
                // Check submitted data with data in database
                $sql = "SELECT id,username,password,cookie_pass,actcode,rank FROM `".$settings['db_table']."` WHERE username = '".$_POST['username']."' LIMIT 1";
                $query = mysql_query($sql);