Authentication Bypass Vulnerability in DSLogin
Summary
- Vulnerability: Authentication Bypass Vulnerability in DSLogin
- Discovered: 2006.03.12
- Last Update: 2006.03.23 Exploitation code published
- ID: EV0100
- CVE: CVE-2006-1238
- Risk Level: medium
- Type: SQL Injection
- Status: Unpatched. No reply from developer(s)
- Vendor: n/a
- Vulnerable Software: DSLogin (http://dsportal.uw.hu/)
- Version: 1.0
- PoC/Exploit: Available
- Solution: Not available
- Discovered by: Aliaksandr Hartsuyeu (eVuln.com)
Description
An SQL injection vulnerability was found in the DSLogin (http://dsportal.uw.hu/) script.
Vulnerable scripts:
- index.php
- admin/index.php
The variable $log_userid isn't properly sanitized before being used in an SQL query. This can be used to bypass authentication using SQL injection and to make any SQL query by injecting arbitrary SQL code.
Condition: magic_quotes_gpc = off
PoC/Exploit
Authentication Bypass Example:
URL: http://[host]/dslogin/index.php
Username: ' or 1/*
Password: any
Solution
A solution for "Authentication Bypass Vulnerability in DSLogin" is not available. Check the vendor's website for updates.
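For anyone maintaining a login script of this kind, the added example below (not DSLogin code and not a vendor fix) puts the concatenated-query pattern next to a prepared-statement version and runs the advisory's sample username through both. The table layout, the two function names and the in-memory SQLite database are assumptions; DSLogin's actual query is not shown in this advisory.

```php
<?php
// Added example, not DSLogin code. The schema and both function names are
// assumptions; only $log_userid and the sample username come from the advisory.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (userid TEXT PRIMARY KEY, pass TEXT, pass_hash TEXT)');
$db->prepare('INSERT INTO users VALUES (?, ?, ?)')->execute(
    ['admin', 's3cret', password_hash('s3cret', PASSWORD_DEFAULT)] // constructed account
);

// Vulnerable pattern: request values are concatenated into the SQL text, so a
// quote in $log_userid closes the string literal and what follows is parsed
// as SQL, which removes the password condition from the WHERE clause.
function login_concat(PDO $db, string $log_userid, string $log_pass): bool
{
    $sql = "SELECT userid FROM users WHERE userid = '$log_userid' AND pass = '$log_pass'";
    return $db->query($sql)->fetch() !== false;
}

// Hardened pattern: the SQL text is fixed and $log_userid is bound as data.
// The password is checked in PHP against a stored hash, never inside the query.
// This does not depend on the magic_quotes_gpc setting.
function login_prepared(PDO $db, string $log_userid, string $log_pass): bool
{
    $st = $db->prepare('SELECT pass_hash FROM users WHERE userid = ?');
    $st->execute([$log_userid]);
    $hash = $st->fetchColumn();
    return is_string($hash) && password_verify($log_pass, $hash);
}

// Constructed test inputs; the first pair is the username/password from the PoC section.
$cases = [
    'advisory username' => ["' or 1/*", 'any'],
    'valid credentials' => ['admin', 's3cret'],
    'wrong password'    => ['admin', 'nope'],
];
foreach ($cases as $label => [$user, $pass]) {
    printf("%-18s concat=%s prepared=%s\n", $label,
        var_export(login_concat($db, $user, $pass), true),
        var_export(login_prepared($db, $user, $pass), true));
}
```

The two functions should differ only on the first row of the output, where the bound parameter treats the whole username as a literal string that matches no account.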