Infoproject Biznis Heroj (login.php) Authentication Bypass Vulnerability

2011-12-21T00:00:00
ID ZSL-2011-5065
Type zeroscience
Reporter Gjoko Krstic
Modified 2011-12-21T00:00:00

Description

Title: Infoproject Biznis Heroj (login.php) Authentication Bypass Vulnerability
Advisory ID: ZSL-2011-5065
Type: Local/Remote
Impact: Security Bypass
Risk: (3/5)
Release Date: 21.12.2011

Summary

Biznis Heroj or Business Hero (Бизнис Херој) is the first software on the Macedonian market that will help you manage your business processes in your company, such as accounting, production, acquisition, archiving, inventory, and the Cloud. Using the Cloud technology, Biznis Heroj allows you to access the system from any computer at any time through any internet browser.

Description

The vulnerability is caused by an error in the logon authentication script (login.php) and can be exploited to bypass the login procedure by supplying an SQL injection payload in the 'username' and 'password' POST parameters, gaining admin privileges.

Vendor

Infoproject DOO - <http://www.biznisheroj.mk>

Affected Version

Plus, Pro and Extra

Tested On

Apache, PHP

Vendor Status

[14.12.2011] Vulnerability discovered.
[15.12.2011] Contact with the vendor.
[20.12.2011] No response from the vendor.
[21.12.2011] Public security advisory released.

PoC

biznish_ab.txt

Credits

Vulnerability discovered by Gjoko Krstic - <gjoko@zeroscience.mk>

References

[1] <http://www.exploit-db.com/exploits/18259/>
[2] <http://securityreason.com/exploitalert/11069>
[3] <http://www.securityfocus.com/bid/51151>
[4] <http://packetstormsecurity.org/files/108079/ZSL-2011-5065.txt>
[5] <http://xforce.iss.net/xforce/xfdb/71927>
[6] <http://www.securityhome.eu/exploits/exploit.php?eid=14495359314ef29e06dfb9e5.27087577>
[7] <http://cxsecurity.com/issue/WLB-2011120038>
[8] <http://osvdb.org/show/osvdb/78294>
[9] <http://cve.mitre.org/cgi-bin/cvename.cgi?name=2011-5039>

Changelog

[21.12.2011] - Initial release
[22.12.2011] - Added reference [4], [5] and [6]
[24.11.2011] - Added reference [7]
[15.01.2012] - Added reference [8] and [9]

Contact

Zero Science Lab

Web: <http://www.zeroscience.mk>
e-mail: lab@zeroscience.mk

                                        
                                            
Infoproject Biznis Heroj (login.php) Authentication Bypass Vulnerability


Vendor: Infoproject DOO
Product web page: http://www.biznisheroj.mk
Affected version: Plus, Pro and Extra

Summary: Biznis Heroj or Business Hero (Бизнис Херој) is the first
software on the Macedonian market that will help you manage your
business processes in your company, such as accounting, production,
acquisition, archiving, inventory, and the Cloud. Using the Cloud
technology, Biznis Heroj allows you to access the system from any
computer at any time through any internet browser.

Desc: The vulnerability is caused by an error in the logon
authentication script (login.php) and can be exploited to bypass
the login procedure by supplying an SQL injection payload in the
'username' and 'password' POST parameters, gaining admin privileges.

Tested on: Apache, PHP


Vulnerability discovered by Gjoko 'LiquidWorm' Krstic
                            liquidworm gmail com


Vendor status:

[14.12.2011] Vulnerability discovered.
[15.12.2011] Contact with the vendor.
[20.12.2011] No response from the vendor.
[21.12.2011] Public security advisory released.


Advisory ID: ZSL-2011-5065
Advisory URL: http://www.zeroscience.mk/en/vulnerabilities/ZSL-2011-5065.php


14.12.2011

---


PoC:

https://[TARGET]/login.php

Username: ' or 1=1--
Password: ' or 1=1--
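
The flaw class this advisory describes, as an added example and not the vendor's login.php (its source is not on this page): a login query built by string concatenation beside a parameterized one, both run against a constructed in-memory SQLite database with the PoC value above. The table layout, the sample accounts and the function names login_vulnerable and login_hardened are assumptions made for the illustration.

```php
<?php
// Constructed in-memory database; schema, accounts and passwords are sample values.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (username TEXT, password TEXT, pw_hash TEXT, role TEXT)');
$ins = $pdo->prepare('INSERT INTO users VALUES (?, ?, ?, ?)');
foreach ([['admin', 'sample-admin-pw', 'admin'], ['clerk', 'sample-clerk-pw', 'user']] as [$u, $p, $r]) {
    // "password" serves the weak variant, "pw_hash" the hardened one.
    $ins->execute([$u, $p, password_hash($p, PASSWORD_DEFAULT), $r]);
}

// Weak variant (assumed pattern): POST values are pasted into the SQL text,
// so a quote in either field ends the string literal and rewrites the WHERE clause.
function login_vulnerable(PDO $pdo, string $user, string $pass): ?array
{
    $sql = "SELECT username, role FROM users WHERE username = '$user' AND password = '$pass'";
    $row = $pdo->query($sql)->fetch(PDO::FETCH_ASSOC);
    return $row ?: null;
}

// Hardened variant: the username travels as a bound parameter and is only ever
// data; the password never enters SQL and is checked against the stored hash.
function login_hardened(PDO $pdo, string $user, string $pass): ?array
{
    $stmt = $pdo->prepare('SELECT username, role, pw_hash FROM users WHERE username = :u');
    $stmt->execute([':u' => $user]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false || !password_verify($pass, $row['pw_hash'])) {
        return null;
    }
    return ['username' => $row['username'], 'role' => $row['role']];
}

$payload = "' or 1=1--"; // value from the PoC above
$cases = [
    'valid credentials' => ['clerk', 'sample-clerk-pw'],
    'wrong password'    => ['clerk', 'not-the-password'],
    'PoC payload'       => [$payload, $payload],
];
foreach ($cases as $label => [$u, $p]) {
    foreach (['login_vulnerable', 'login_hardened'] as $fn) {
        $row = $fn($pdo, $u, $p);
        printf("%-18s %-17s %s\n", $label, $fn, $row ? "accepted as {$row['username']} ({$row['role']})" : 'rejected');
    }
}
```

Run it with the PHP command-line interpreter; it needs the pdo_sqlite extension and PHP 7.1 or later.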