Authentication Bypass by SQL Injection in Social Share

Summary

Vulnerability: Authentication Bypass by SQL Injection in Social Share
Discovered: 2010.12.09
Last Update: n/a n/a
ID: EV0167
CVE: n/a
Risk Level: medium
Type: SQL Injection
Status: Unpatched. Vendor notified. No reply from developer(s).
Vendor: n/a
Vulnerable Software: Social Share (http://sourceforge.net/projects/socialshare/)
Version: 2010-06-05
PoC/Exploit: Available
Solution: Not available
Discovered by: Aliaksandr Hartsuyeu (eVuln.com)

Description

SQL Injection found in Social Share (http://sourceforge.net/projects/socialshare/) script.

Auth Bypass by SQL Injection

Vulnerable script: functions.php

Parameter username is not properly sanitized before being used in a SQL query. This can be used to make any SQL query by injecting arbitrary SQL code and log in without password.

Condition: magic_quotes: off

PoC/Exploit

SQL Injection Auth Bypass Exploit.

Username: anytext' or verified=1#

Password: arbitrary_text

Solution.

Solution for "Authentication Bypass by SQL Injection in Social Share" is not available. Check vendor's website for updates.

Authentication Bypass by SQL Injection in Social Share

Summary

Description

Auth Bypass by SQL Injection

PoC/Exploit

SQL Injection Auth Bypass Exploit.

Solution.

Company

Services

eVuln Labs

eVuln Tools