Key Information

EDB-ID: 36306
CVE: 2015-2237
Author: ZeQ3uL
Type: WEBAPPS
Platform: PHP
Date: 2015-03-06
Vulnerable App: PHP Betoffice (B3tster) 1.0.4

Vulnerability Details

Exploit Title: B3tster (PHP Betoffice) Authentication Bypass and SQL Injection

Software Description: Betster is software for building an online bet office, based on PHP, MySQL and JavaScript.

Vulnerability Details:
- SQL Injection: found in showprofile.php and categoryedit.php. User-supplied input reaches the database query without sanitisation, so an attacker can inject arbitrary SQL and read or manipulate the database.
- Authentication Bypass: in the login function of index.php, the "username" parameter is not properly validated before it is used in the authentication query, allowing an attacker to log in without valid credentials.

Affected Files

showprofile.php: line 63
categoryedit.php: line 52
index.php: login function

Exploit Code

Conclusion

This exploit targets PHP Betoffice (B3tster) 1.0.4 and demonstrates how its authentication bypass and SQL injection vulnerabilities can be exploited. The exploit code accompanying the advisory can be used to test for, or exploit, these vulnerabilities in the affected version.
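The following is an added, generic illustration of the vulnerability class described above (an unvalidated "username" parameter concatenated into the login query). It is not Betster's code and not the advisory's exploit: the table layout, user records, and payloads are constructed for the demo, and the application logic is reproduced in Python against an in-memory SQLite database rather than PHP/MySQL. It shows why a string-built authentication query can be bypassed and how the same query behaves once parameters are bound.

```python
"""Added example: SQL-injection login bypass vs. parameterised query.

Constructed demo, not Betster code. The vulnerable function mirrors the
pattern the advisory describes (attacker-controlled username pasted into
the SQL text); the hardened function binds the same values as parameters.
"""
import sqlite3


def build_db():
    """Create a throwaway users table with constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT PRIMARY KEY, password TEXT)")
    # Plain-text passwords only to keep the demo short; real code hashes them.
    conn.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("admin", "s3cret"), ("alice", "hunter2")],
    )
    conn.commit()
    return conn


def login_vulnerable(conn, username, password):
    """Vulnerable: input is spliced into the SQL text, so quotes and
    comment markers in 'username' change the meaning of the query."""
    sql = (
        "SELECT username FROM users "
        f"WHERE username = '{username}' AND password = '{password}'"
    )
    row = conn.execute(sql).fetchone()
    return row[0] if row else None


def login_safe(conn, username, password):
    """Hardened: placeholders keep the input as data, never as SQL syntax."""
    sql = "SELECT username FROM users WHERE username = ? AND password = ?"
    row = conn.execute(sql, (username, password)).fetchone()
    return row[0] if row else None


# Constructed payloads. The trailing "-- " turns the rest of the query,
# including the password check, into a comment.
BYPASS_KNOWN_USER = "admin' -- "
BYPASS_ANY_USER = "' OR 1=1 -- "


def demo():
    """Run both login paths against the bypass payloads and return results."""
    conn = build_db()
    return {
        "vulnerable_known_user": login_vulnerable(conn, BYPASS_KNOWN_USER, "wrong"),
        "vulnerable_any_user": login_vulnerable(conn, BYPASS_ANY_USER, "wrong"),
        "safe_known_user": login_safe(conn, BYPASS_KNOWN_USER, "wrong"),
        "safe_any_user": login_safe(conn, BYPASS_ANY_USER, "wrong"),
        "safe_real_creds": login_safe(conn, "admin", "s3cret"),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result!r}")
```

Running the script shows the vulnerable path returning "admin" for a payload that never supplied the password, while the parameterised path returns None for both payloads and only authenticates the genuine credentials. Note that comment syntax differs between engines: MySQL treats `-- ` (with the trailing space) and `#` as line comments, whereas SQLite accepts `--` but not `#`, so a tester confirming an injection point should try the dialect's own comment marker.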