SQL Injection Vulnerability in Ruperts News Script

Summary

Vulnerability: SQL Injection Vulnerability in Ruperts News Script
Discovered: 2006.04.29
Last Update: 2006.05.09 Exploitation code published
ID: EV0128
CVE: CVE-2006-2135
Risk Level: medium
Type: SQL Injection
Status: Unpatched. No reply from developer(s)
Vendor: n/a
Vulnerable Software: Ruperts News Script (http://www.electioneering.net/scripts.php)
Version: 2004/10/14
PoC/Exploit: Available
Solution: Available
Discovered by: Aliaksandr Hartsuyeu (eVuln.com)

Description

SQL Injection found in Ruperts News Script (http://www.electioneering.net/scripts.php) script.

SQL Injection.

Vulnerable script: login.php

Parameter username is not properly sanitized before being used in SQL query. This can be used to bypass authentication or make any SQL query by injecting arbitrary SQL code.

Condition: magic_quotes_gpc = off

PoC/Exploit

1. SQL Injection Example.

URL: http://[host]/cpanel.php
Username: ' union select 1,2,3,4,5/*
Password:

Solution.

To fix this problem install or upgrade to latest version.

SQL Injection Vulnerability in Ruperts News Script

Summary

Description

PoC/Exploit

Solution.

Company

Services

eVuln Labs

eVuln Tools