Authentication Bypass in Maian Support

Summary

Vulnerability: Authentication Bypass in Maian Support
Discovered: 2006.03.16
Last Update: 2006.04.08 Solution added
ID: EV0103
CVE: CVE-2006-1259
Risk Level: medium
Type: SQL Injection
Status: Unpatched. Vendor notified.
Vendor: n/a
Vulnerable Software: Maian Support (http://www.maianscriptworld.co.uk/)
Version: 1.0
PoC/Exploit: Available
Solution: Available
Discovered by: Aliaksandr Hartsuyeu (eVuln.com)

Description

An SQL injection vulnerability was found in the Maian Support (http://www.maianscriptworld.co.uk/) script.

Vulnerable script: admin/index.php

The email and pass parameters are not properly sanitized before being used in an SQL query. This can be used to bypass authentication via SQL injection, or to run any SQL query by injecting arbitrary SQL code.

Condition: magic_quotes_gpc = off

PoC/Exploit

Authentication Bypass Example:

URL: http://[host]/admin/index.php?cmd=login

E-Mail Address: ' or 1/*

Password: any
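
The class of flaw described above, next to a parameterized login check, as an added example that is not code from Maian Support or from the advisory. The table, column and function names are hypothetical, the account data is constructed, and the script assumes PHP with the pdo_sqlite extension so that it runs without a database server.

```php
<?php
declare(strict_types=1);
// Hypothetical schema and function names; constructed demo data (in-memory SQLite).
function demo_db(): PDO
{
    $pdo = new PDO('sqlite::memory:');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->exec('CREATE TABLE admins (email TEXT UNIQUE, pass TEXT, pass_hash TEXT)');
    $ins = $pdo->prepare('INSERT INTO admins VALUES (?, ?, ?)');
    // "pass" is a legacy plain-text column used only by the pre-fix pattern below.
    $pw = 'correct horse';
    $ins->execute(['admin@example.test', $pw, password_hash($pw, PASSWORD_DEFAULT)]);
    return $pdo;
}

// Pre-fix pattern of the kind the advisory describes: request values are
// concatenated into the SQL text, so with magic_quotes_gpc = off a quote in
// $email closes the string literal and the rest is parsed as SQL.
function login_concatenated(PDO $pdo, string $email, string $pass): bool
{
    $sql = "SELECT email FROM admins WHERE email = '$email' AND pass = '$pass'";
    return $pdo->query($sql)->fetch() !== false;
}

// Hardened form: email is bound as a parameter and the password is verified in
// PHP against a stored hash, independent of the magic_quotes_gpc setting.
function login_parameterized(PDO $pdo, string $email, string $pass): bool
{
    $stmt = $pdo->prepare('SELECT pass_hash FROM admins WHERE email = :email');
    $stmt->execute([':email' => $email]);
    $hash = $stmt->fetchColumn();
    return is_string($hash) && password_verify($pass, $hash);
}

$pdo = demo_db();
$cases = [
    ['admin@example.test', 'correct horse'], // valid credentials
    ['admin@example.test', 'wrong'],         // wrong password
    ["' or 1/*", 'any'],                     // input from the advisory's example
];
foreach ($cases as [$email, $pass]) {
    printf("%-20s concatenated=%s parameterized=%s\n", $email,
        var_export(login_concatenated($pdo, $email, $pass), true),
        var_export(login_parameterized($pdo, $email, $pass), true));
}
```

In the parameterized version the advisory's input is compared as a literal e-mail value, so the lookup finds no account and the login is rejected.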

Solution

To fix this problem, install or upgrade to version 1.1.

Link: http://www.maianscriptworld.co.uk/scripts_support.html