Website Baker user: Field SQL Injection

2005-12-08T00:00:00
ID OSVDB:21572
Type osvdb
Reporter rgod(retrogod@aliceposta.it)
Modified 2005-12-08T00:00:00

Description

Vulnerability Description

Website Baker has a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the admin login check script not properly sanitizing user-supplied input to the user field. This may allow an attacker to bypass authentication and upload a malicious php script to inject or manipulate SQL queries in the backend database.

Technical Description

This vulnerability is only present when the magic_quotes_gpc PHP option is 'off'.

Solution Description

Upgrade to version 2.6.1 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Short Description

Website Baker has a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the admin login check script not properly sanitizing user-supplied input to the user field. This may allow an attacker to bypass authentication and upload a malicious php script to inject or manipulate SQL queries in the backend database.

References:

Vendor URL: http://www.websitebaker.org/2/home/ Security Tracker: 1015335 Secunia Advisory ID:17945 Other Advisory URL: http://rgod.altervista.org/wbaker_260_xpl.html Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2005-12/0085.html Generic Exploit URL: http://downloads.securityfocus.com/vulnerabilities/exploits/wbaker_260_xpl.php CVE-2005-4140 Bugtraq ID: 15776