adminname Authentication Bypass in ScozBook
Summary
- Vulnerability
- adminname Authentication Bypass in ScozBook
- Discovered
- 2006.01.02
- Last Update
- 0 n/a
- ID
- EV0011
- CVE
- CVE-2006-0079
- Risk Level
- medium
- Type
- SQL Injection
- Status
- Unpatched
- Vendor
- ScozNet (http://www.scoznet.com/)
- Vulnerable Software
- ScozBook (http://sourceforge.net/projects/scozbook/)
- Version
- BETA 1.1
- PoC/Exploit
- Available
- Solution
- Not available
- Discovered by
- Aliaksandr Hartsuyeu (eVuln.com)
Description
SQL Injection found in ScozBook (http://sourceforge.net/projects/scozbook/) script.
Vulnerable scripts: auth.php
Variable $adminname isn't properly sanitized before being used in a SQL query.
Script /auth.php from main directory registers session with $adminname and $adminpass variables which used by scripts from /admin/ dirrectory.
Condition: magic_quotes_gpc = off
PoC/Exploit
Link: http://host/auth.php
username: a' or 'a'='a'/*
password: anypassword
Solution.
Solution for "adminname Authentication Bypass in ScozBook" is not available. Check ScozNet website for updates.