EV0056.txt

🗓️ 13 Feb 2006 00:00:00Reported by Aliaksandr HartsuyeuType

packetstorm🔗 packetstormsecurity.com👁 29 Views

New eVuln Advisory GuestBookHost Authentication Bypass CVE-2006-0542 SQL Injectio

Reporter	Title	Published	Views	Family All 6
CVE	CVE-2006-0542	4 Feb 200602:00	–	cve
Cvelist	CVE-2006-0542	4 Feb 200602:00	–	cvelist
EUVD	EUVD-2006-0549	7 Oct 202500:30	–	euvd
NVD	CVE-2006-0542	4 Feb 200602:02	–	nvd
Prion	Sql injection	4 Feb 200602:02	–	prion
securityvulns	[eVuln] GuestBookHost Authentication Bypass	13 Feb 200600:00	–	securityvulns

`New eVuln Advisory:  
GuestBookHost Authentication Bypass  
http://evuln.com/vulns/56/summary.html  
  
--------------------Summary----------------  
eVuln ID: EV0056  
CVE: CVE-2006-0542  
Software: GuestBookHost  
Sowtware's Web Site: http://nukedweb.memebot.com/  
Versions: 2005.04.25  
Critical Level: Moderate  
Type: SQL Injection  
Class: Remote  
Status: Unpatched  
Exploit: Not Available  
Solution: Not Available  
Discovered by: Aliaksandr Hartsuyeu (eVuln.com)  
  
-----------------Description---------------  
Vulnerable script:  
config.php  
  
Variables $email $password are not properly sanitized before being used in a SQL query. This can be used to pass authentication without password.  
  
Condition: magic_quotes_gpc - off  
  
  
--------------Exploit----------------------  
  
SQL Injection Example:  
  
Link: http://host/guestbookhost/edit.php  
Email: ' or 1/*  
Password: any   
  
--------------Solution---------------------  
No Patch available.  
  
--------------Credit-----------------------  
Discovered by: Aliaksandr Hartsuyeu (eVuln.com)  
`

13 Feb 2006 00:00Current

6.7Medium risk

Vulners AI Score6.7

EPSS0.00828