Bugtraq mailing list archives
[eVuln] DSLogin Authentication Bypass Vulnerability
From: alex () evuln com
Date: 27 Mar 2006 12:32:01 -0000
New eVuln Advisory: DSLogin Authentication Bypass Vulnerability http://evuln.com/vulns/100/summary.html --------------------Summary---------------- eVuln ID: EV0100 CVE: CVE-2006-1238 Software: DSLogin Sowtware's Web Site: http://dsportal.uw.hu/ Versions: 1.0 Critical Level: Moderate Type: SQL Injection Class: Remote Status: Unpatched. No reply from developer(s) PoC/Exploit: Not Available Solution: Not Available Discovered by: Aliaksandr Hartsuyeu (eVuln.com) -----------------Description--------------- Vulnerable scripts: index.php admin/index.php Variable $log_userid isn't properly sanitized before being used in SQL query. This can be used to bypass authentication using SQL injection and make any SQL query by injecting arbitrary SQL code. Condition: magic_quotes_gpc = off --------------PoC/Exploit---------------------- Waiting for developer(s) reply. If there is no reply exploitation code will be published in 10 days http://evuln.com/vulns/100/exploit.html --------------Solution--------------------- No Patch available. --------------Credit----------------------- Discovered by: Aliaksandr Hartsuyeu (eVuln.com) Regards, Aliaksandr Hartsuyeu http://evuln.com - Penetration Testing Services .
Current thread:
- [eVuln] DSLogin Authentication Bypass Vulnerability alex (Mar 27)