SQL Injection Auth Bypass in Bit 5 Blog
- Last Update
- 0 n/a
- Risk Level
- SQL Injection
- Vulnerable Software
- Bit 5 Blog (http://bit5blog.sourceforge.net/)
- Not available
- Discovered by
- Aliaksandr Hartsuyeu (eVuln.com)
A SQL injection vulnerability was found in the Bit 5 Blog (http://bit5blog.sourceforge.net/) script.
Vulnerable script: processlogin.php
The variables $_POST['username'] and $_POST['password'] are not properly sanitized before being used in a SQL query. This can be used to run any SQL query by injecting arbitrary SQL code, and to log in without a password.
Authentication bypass example (SQL Injection):
User Name: a' or 1/*
Password: a' or 1/*
A solution for "SQL Injection Auth Bypass in Bit 5 Blog" is not available. Check the vendor's website for updates.
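The general remedy for unsanitized login fields like these is a parameterized query, so that the submitted values are bound as data and never become part of the SQL text. The following is an added example, not code from Bit 5 Blog or from the advisory; the `users` table, its columns and the function names are hypothetical, and it uses an in-memory SQLite database through PDO so that it runs stand-alone.

```php
<?php
declare(strict_types=1);

// Hypothetical schema: the advisory does not show Bit 5 Blog's real tables.
function make_demo_db(): PDO
{
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE users (username TEXT PRIMARY KEY, password_hash TEXT NOT NULL)');
    $ins = $db->prepare('INSERT INTO users (username, password_hash) VALUES (:u, :h)');
    // Constructed sample account; only a salted hash of the password is stored.
    $ins->execute([':u' => 'admin', ':h' => password_hash('correct horse', PASSWORD_DEFAULT)]);
    return $db;
}

// Hardened login check. $username and $password stand in for the raw
// $_POST['username'] and $_POST['password'] values named in the advisory.
function check_login(PDO $db, $username, $password): bool
{
    // Reject non-string input (e.g. username[]=x) and oversized values early.
    if (!is_string($username) || !is_string($password)
        || $username === '' || strlen($username) > 64 || strlen($password) > 1024) {
        return false;
    }
    // The placeholder keeps the value out of the SQL grammar: quotes and
    // comment markers in the input are compared literally, not parsed.
    $stmt = $db->prepare('SELECT password_hash FROM users WHERE username = :u');
    $stmt->execute([':u' => $username]);
    $hash = $stmt->fetchColumn();
    if (!is_string($hash)) {
        return false; // no such user
    }
    // The password never reaches the query; it is checked against the hash.
    return password_verify($password, $hash);
}

$db = make_demo_db();
// Constructed inputs: the advisory's bypass strings, the valid credentials,
// and an array-typed username.
$cases = [
    'advisory bypass strings' => ["a' or 1/*", "a' or 1/*"],
    'valid credentials'       => ['admin', 'correct horse'],
    'array-typed username'    => [['admin'], 'x'],
];
foreach ($cases as $label => [$u, $p]) {
    printf("%-24s => %s\n", $label, check_login($db, $u, $p) ? 'accepted' : 'rejected');
}
```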