Authentication Bypass in Maian Support
Summary
- Vulnerability: Authentication Bypass in Maian Support
- Discovered: 2006.03.16
- Last Update: 2006.04.08 (Solution added)
- ID: EV0103
- CVE: CVE-2006-1259
- Risk Level: medium
- Type: SQL Injection
- Status: Unpatched. Vendor notified.
- Vendor: n/a
- Vulnerable Software: Maian Support (http://www.maianscriptworld.co.uk/)
- Version: 1.0
- PoC/Exploit: Available
- Solution: Available
- Discovered by: Aliaksandr Hartsuyeu (eVuln.com)
Description
An SQL injection vulnerability was found in the Maian Support (http://www.maianscriptworld.co.uk/) script.
Vulnerable script: admin/index.php
The email and pass parameters are not properly sanitized before being used in an SQL query. This can be used to bypass authentication via SQL injection, or to run any SQL query by injecting arbitrary SQL code.
Condition: magic_quotes_gpc = off
PoC/Exploit
Authentication Bypass Example:
URL: http://[host]/admin/index.php?cmd=login
E-Mail Address: ' or 1/*
Password: any
Solution
To fix this problem, install or upgrade to version 1.1.
Link: http://www.maianscriptworld.co.uk/scripts_support.html
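The unsanitized-parameter pattern from the Description, next to a parameterized form, as an added example that is not Maian Support's code. The table, columns, credentials and function names are hypothetical, and in-memory SQLite stands in for the application's database.

```php
<?php
// Added example. Schema and names are hypothetical; the advisory does not
// show Maian Support's source. In-memory SQLite keeps the script offline.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE admins (email TEXT PRIMARY KEY, pass TEXT, pass_hash TEXT)');
$ins = $db->prepare('INSERT INTO admins VALUES (?, ?, ?)');
// Constructed account; "pass" exists only to feed the weak query below.
$ins->execute(['admin@example.test', 'S3cret!', password_hash('S3cret!', PASSWORD_DEFAULT)]);

// Weak pattern described in the advisory: request values are concatenated
// into the SQL text, so a quote in $email rewrites the WHERE clause.
function login_concatenated(PDO $db, string $email, string $pass): bool
{
    $sql = "SELECT email FROM admins WHERE email = '$email' AND pass = '$pass'";
    return $db->query($sql)->fetch() !== false;
}

// Hardened pattern: the e-mail is a bound parameter, so it is only ever
// compared as data, and the password is verified in PHP against a stored
// hash instead of inside the query. This does not rely on magic_quotes_gpc.
function login_parameterized(PDO $db, string $email, string $pass): bool
{
    $stmt = $db->prepare('SELECT pass_hash FROM admins WHERE email = :email');
    $stmt->execute([':email' => $email]);
    $hash = $stmt->fetchColumn();
    return is_string($hash) && password_verify($pass, $hash);
}

// Inputs: the form values from the PoC section, then a correct and a wrong login.
$cases = [
    ["' or 1/*", 'any'],
    ['admin@example.test', 'S3cret!'],
    ['admin@example.test', 'wrong'],
];
foreach ($cases as [$email, $pass]) {
    printf("%-22s concatenated=%-5s parameterized=%s\n",
        json_encode($email),
        var_export(login_concatenated($db, $email, $pass), true),
        var_export(login_parameterized($db, $email, $pass), true));
}
```

Running it prints, for each input, whether each login function accepted it, which makes a useful regression check after upgrading or patching.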