Milkeyway Captive Portal admin/authgroup.php teamname Variable SQL Injection

2006-03-16T12:47:37
ID OSVDB:23930
Type osvdb
Reporter Francesco "aScii" Ongaro(ascii@katamail.com)
Modified 2006-03-16T12:47:37

Description

Vulnerability Description

Milkeyway Captive Portal contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the admin/authgroup.php script not properly sanitizing user-supplied input to the 'teamname' variable. This may allow an attacker to inject or manipulate SQL queries in the backend database.

Technical Description

This vulnerability is only present when the magic_quotes_gpc PHP option is 'off'.

An attacker must supply valid administrative authentication credentials (or bypass authentication) in order to exploit this vulnerability.

Solution Description

Currently, there are no known upgrades or patches to correct this issue. It is possible to correct the flaw by implementing the following workaround: turn the PHP magic_quotes_gpc option 'on'.

Short Description

Milkeyway Captive Portal contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the admin/authgroup.php script not properly sanitizing user-supplied input to the 'teamname' variable. This may allow an attacker to inject or manipulate SQL queries in the backend database.

References:

Vendor URL: http://sourceforge.net/projects/milkeyway Security Tracker: 1015778 Secunia Advisory ID:19258 Related OSVDB ID: 23926 Related OSVDB ID: 23931 Related OSVDB ID: 23925 Related OSVDB ID: 23928 Related OSVDB ID: 23932 Related OSVDB ID: 23927 Related OSVDB ID: 23929 Related OSVDB ID: 23933 Other Advisory URL: http://www.ush.it/team/ascii/hack-milkeway/advisory.txt Other Advisory URL: http://www.ush.it/team/ascii/hack-milkeway/milkeyway.txt Mail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2006-02/1572.html