EV0103.txt

2006-04-01T00:00:00
ID PACKETSTORM:45078
Type packetstorm
Reporter Aliaksandr Hartsuyeu
Modified 2006-04-01T00:00:00

Description

                                        
                                            `New eVuln Advisory:  
Maian Support Authentication Bypass  
http://evuln.com/vulns/103/summary.html  
  
--------------------Summary----------------  
eVuln ID: EV0103  
CVE: CVE-2006-1259  
Software: Maian Support  
Software's Web Site: http://www.maianscriptworld.co.uk/  
Versions: 1.0  
Critical Level: Moderate  
Type: SQL Injection  
Class: Remote  
Status: Unpatched. Developer(s) contacted.  
PoC/Exploit: Available  
Solution: Not Available  
Discovered by: Aliaksandr Hartsuyeu (eVuln.com)  
  
-----------------Description---------------  
Vulnerable script: admin/index.php  
  
The email and pass parameters are not properly sanitized before being used in an SQL query. This can be used to bypass authentication via SQL injection, or to run any SQL query by injecting arbitrary SQL code.  
  
Condition: magic_quotes_gpc = off  
  
--------------PoC/Exploit----------------------  
Available at: http://evuln.com/vulns/103/exploit.html  
  
Authentication Bypass Example:  
  
URL: http://[host]/admin/index.php?cmd=login  
  
E-Mail Address: ' or 1/*  
Password: any  
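
Added example, not part of the original advisory and not Maian Support's code: a Python/sqlite3 model of the flaw class described above, showing a string-concatenated login query beside a parameterized one. The table layout, query shape, account, salt and function names are assumptions, since the advisory does not show the source of admin/index.php.

```python
import hashlib
import hmac
import sqlite3

SALT = b"constructed-demo-salt"  # constructed value for this example

def _hash(password):
    # PBKDF2 from the standard library; the real application's scheme is unknown.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), SALT, 100_000).hex()

def make_db():
    # Constructed schema and account (assumption, not the real table layout).
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE admins (email TEXT, pass_hash TEXT)")
    db.execute("INSERT INTO admins VALUES (?, ?)",
               ("admin@example.test", _hash("correct horse")))
    return db

def login_concatenated(db, email, password):
    # Flawed pattern: input is pasted into the SQL text, so a quote in
    # `email` ends the string literal and the remainder is parsed as SQL.
    sql = ("SELECT email FROM admins WHERE email = '" + email +
           "' AND pass_hash = '" + _hash(password) + "'")
    return db.execute(sql).fetchone() is not None

def login_parameterized(db, email, password):
    # Hardened pattern: the email is bound as data and never parsed as SQL;
    # the password is checked in code against the fetched hash.
    row = db.execute("SELECT pass_hash FROM admins WHERE email = ?",
                     (email,)).fetchone()
    return row is not None and hmac.compare_digest(row[0], _hash(password))

if __name__ == "__main__":
    db = make_db()
    probe = "' or 1/*"  # the E-Mail Address value from the advisory
    print("concatenated :", login_concatenated(db, probe, "any"))
    print("parameterized:", login_parameterized(db, probe, "any"))
    print("valid login  :",
          login_parameterized(db, "admin@example.test", "correct horse"))
```

With bound parameters the result does not depend on a runtime setting such as magic_quotes_gpc, because the input never reaches the SQL parser.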
  
--------------Solution---------------------  
No Patch available.  
  
--------------Credit-----------------------  
Discovered by: Aliaksandr Hartsuyeu (eVuln.com)  
  
  
Regards,  
Aliaksandr Hartsuyeu  
http://evuln.com - Penetration Testing Services  