Authentication Bypass Vulnerability in CALimba

Summary

Vulnerability: Authentication Bypass Vulnerability in CALimba
Discovered: 2006.02.07
Last Update: 2006.02.17 Exploitation code published
ID: EV0068
CVE: CVE-2006-0693
Risk Level: medium
Type: SQL Injection
Status: Unpatched. Vendor notified.
Vendor: n/a
Vulnerable Software: CALimba (http://www.errebit.com/opensource/index.php?rb=calimba)
Version: 0.99.2, 0.99.1 and earlier
PoC/Exploit: Available
Solution: Not available
Discovered by: Aliaksandr Hartsuyeu (eVuln.com)

Description

A SQL injection vulnerability was found in the CALimba (http://www.errebit.com/opensource/index.php?rb=calimba) script.

Vulnerable script: rb/cls/rb_auth.php

The $login and $password variables are not properly sanitized before being used in a SQL query. This can be used to bypass authentication or to run arbitrary SQL queries by injecting SQL code.

Condition: magic_quotes_gpc is off

PoC/Exploit

Authentication Bypass Example:

Url: http://host/calimba/login.php
Login: ') or 1/*
Password: any

Solution

A solution for "Authentication Bypass Vulnerability in CALimba" is not available. Check the vendor's website for updates.
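
The query construction flaw named in the Description, beside a bound-parameter version, as an added example that is not CALimba's code. The users table, its columns, the query shape and both function names are assumptions, and an in-memory SQLite database stands in for the application's database.

```php
<?php
// Added example, not CALimba code. Table, columns and query shape are
// assumptions; the account and the inputs below are constructed.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, login TEXT, pwhash TEXT)');
// Digest scheme simplified for the demo; the subject here is query construction.
$db->prepare('INSERT INTO users (login, pwhash) VALUES (?, ?)')
   ->execute(['admin', hash('sha256', 'correct horse')]);

// Weak pattern: request values are spliced into the SQL text, so a quote in
// $login closes the string literal and the remainder is parsed as SQL.
function auth_concatenated(PDO $db, string $login, string $password): bool
{
    $sql = "SELECT id FROM users WHERE (login='$login') AND (pwhash='"
         . hash('sha256', $password) . "')";
    return $db->query($sql)->fetchColumn() !== false;
}

// Corrected pattern: the SQL text is fixed and the values are bound, so they
// are only ever compared as data, whatever magic_quotes_gpc is set to.
function auth_bound(PDO $db, string $login, string $password): bool
{
    $stmt = $db->prepare('SELECT id FROM users WHERE (login = ?) AND (pwhash = ?)');
    $stmt->execute([$login, hash('sha256', $password)]);
    return $stmt->fetchColumn() !== false;
}

$cases = [
    ['admin', 'correct horse'],   // valid credentials
    ['admin', 'wrong'],           // wrong password
    ["') or 1/*", 'any'],         // login value from the advisory's PoC
];
foreach ($cases as [$login, $password]) {
    printf("%-12s concatenated=%-5s bound=%s\n", $login,
        var_export(auth_concatenated($db, $login, $password), true),
        var_export(auth_bound($db, $login, $password), true));
}
```

The two functions agree on the first two inputs and differ only on the third, which is the case to keep as a regression test once a login query has been converted to bound parameters.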