merhawi023
merhawi023
/ mk-auth vulnerabilities discovered
Last active
January 5, 2024 13:28
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| [description] | |
| An issue was discovered in MK-AUTH 19.01. The web login functionality | |
| allows an attacker to bypass authentication and gain client privileges | |
| via SQL injection in central/executar_login.php. | |
| ------------------------------------------ | |
| [Additional Information] | |
| the script central/executar_login.php had poor sql query construction, | |
| that if manipulated results in gaining access without password |