header-logo
Suggest Exploit
vendor:
Make or Break
by:
Anarchy Angel
8,8
CVSS
HIGH
SQL Injection
89
CWE
Product Name: Make or Break
Affected Version From: 1.7
Affected Version To: 1.7
Patch Exists: NO
Related CWE: N/A
CPE: software.friendsinwar.com/downloads.php?cat_id=2&file_id=9
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2020

Admin login bypass via SQLi

Navigate to scripts admin login page and submit admin' or ''='-- for username and it should give you access to the admin area.

Mitigation:

Ensure that user input is properly sanitized and validated before being used in SQL queries.
Source

Exploit-DB raw data:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

[x] Type: Admin login bypass via SQLi

[x] Vendor: http://software.friendsinwar.com/

[x] Script Name: Make or Break

[x] Script Version: 1.7

[x] Script DL: http://software.friendsinwar.com/downloads.php?cat_id=2&file_id=9

[x] Author: Anarchy Angel

[x] Mail: anarchy[dot]ang31@gmail[dot]com

[x] More info: https://aahideaway.blogspot.com/

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Navigate to scripts admin login page and submit admin' or ''='-- for username

and it should give you access to the admin area. A quick release to
kick off DefCon festivities. See you there! Enjoy >:)

Navigation

Suggest Exploit

Services By CQR