
Difadi Admin Bypass Remote SQL Injection Vulnerability

Author: Casper Moroccan, Published: 24-07-2014
############################################################################
## Author : Casper Moroccan
## Difadi Admin Bypass Remote SQL Injection Vulnerability
## Location : CasaBlanca, Morocco
## Date: 24/07/2014
## Software Link: http://difadi.com/
## Tested on : All OS
##############################################################################
## To the crew: the stuff is still new ;)
##############################################################################
## Vulnerable Code - /ver-noticia.php
4.  $login = $_POST["usuario"];
5.  $senha = $_POST["clave"];
6.  $sql = "select * from news_adm where login='$usuario' AND senha='$clave'";  // request values concatenated straight into the SQL text
7.  $query = mysql_query($sql);
8.  $nr = mysql_num_rows($query);
9.  if($nr>0){   // any row back from the manipulated query is enough to grant admin
10.     $_SESSION["admin"] = "on";
11.     echo "<script>
12.     location.href='../'
13.     </script>";
14. }
## Note that line 6 reads $usuario and $clave rather than the $login/$senha set on lines 4-5; as written, those names only carry the POST values when PHP's register_globals is enabled.
-------------------------------------------------------[admin bypass]-----------------------------------------------------
## Google Dork: intext:"Diseño Web por Difadi.com" & inurl:"id"
## NOTE:
## As you can see, there is no validation or filtering of the variables $usuario and $clave.
## See line 6: the values are concatenated directly into the SQL string, so the query can be altered through the $usuario and $clave variables.
## SQL Injection PoC:
## http://localhost/path/admin/
## usuario : difadi
## clave : 127difadi
-------------------------------------------------------[SQL INJECTION]-----------------------------------------------------
## http://localhost/path/ver-noticia.php?id=num
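## Fixed form, for both findings above (the admin login and the ver-noticia.php id parameter). This is an added example, not Difadi's code: it assumes a PDO connection, the news_adm table with the login and senha columns named in the vulnerable snippet, a hypothetical noticias table for the id lookup, and that senha holds a password_hash() digest rather than plaintext. The DSN and database credentials are placeholders.

```php
<?php
// Hardened replacement for the login check and the id lookup.
// Added example, not the vendor's code; table/column names beyond news_adm, login, senha are assumed.

function connect(): PDO {
    // Placeholder DSN and credentials; a real deployment reads these from its own config.
    return new PDO(
        'mysql:host=localhost;dbname=difadi;charset=utf8mb4',
        'dbuser',
        'dbpass',
        [
            PDO::ATTR_ERRMODE            => PDO::ERRMODE_EXCEPTION,
            PDO::ATTR_EMULATE_PREPARES   => false, // server-side prepared statements, not client-side string building
        ]
    );
}

// Replaces lines 4-14 of the vulnerable snippet: input never becomes part of the SQL text.
function adminLogin(PDO $pdo, string $usuario, string $clave): bool {
    $stmt = $pdo->prepare('SELECT senha FROM news_adm WHERE login = :login');
    $stmt->execute([':login' => $usuario]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false) {
        return false;
    }
    // Assumes senha stores a password_hash() digest; plaintext comparison is a separate weakness.
    return password_verify($clave, $row['senha']);
}

// Replaces the unchecked ?id=num lookup in ver-noticia.php (table name "noticias" is assumed).
function fetchNoticia(PDO $pdo, $id): ?array {
    // Reject anything that is not a positive integer before it reaches the database.
    if (filter_var($id, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]) === false) {
        return null;
    }
    $stmt = $pdo->prepare('SELECT * FROM noticias WHERE id = :id');
    $stmt->bindValue(':id', (int) $id, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

session_start();
if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_POST['usuario'], $_POST['clave'])) {
    $pdo = connect();
    if (adminLogin($pdo, (string) $_POST['usuario'], (string) $_POST['clave'])) {
        session_regenerate_id(true);   // fresh session id on privilege change
        $_SESSION['admin'] = 'on';
        header('Location: ../');
        exit;
    }
    http_response_code(401);
    echo 'Invalid credentials';
}
```

## The mysql_* extension used in the original has been removed since PHP 7; PDO (or mysqli with bound parameters) is the path off it, and binding the values rather than concatenating them is what closes both injection points regardless of what the client sends.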
#############################################################################
## Greet To : All My Friends || ARAB GHOSTS TEAM ||
############################################################################