Authentication Bypass and SQL Injection in MD News

Summary

Vulnerability: Authentication Bypass and SQL Injection in MD News
Discovered: 2006.04.05
Last Update: 2006.04.15 Exploitation code published
ID: EV0120
CVE: CVE-2006-1755, CVE-2006-1756
Risk Level: medium
Type: Multiple Vulnerabilities
Status: Unpatched. No reply from developer(s)
Vendor: n/a
Vulnerable Software: MD News (http://www.matthewdingley.co.uk/)
Version: 1
PoC/Exploit: Available
Solution: Not available
Discovered by: Aliaksandr Hartsuyeu (eVuln.com)

Description

Multiple vulnerabilities were found in the MD News (http://www.matthewdingley.co.uk/) script.

1. SQL Injection.

Vulnerable script: admin.php

The id parameter is not properly sanitized before being used in an SQL query. An attacker can inject arbitrary SQL code through it and run any SQL query.

2. Authentication Bypass.

The "Administration Area" script has no authentication. Any user who knows the script name can access the administrator's area.

PoC/Exploit

SQL Injection Example:

http://[host]/admin.php?action=full&id=-1 union select 1,2,3,4,5

Solution.

Solution for "Authentication Bypass and SQL Injection in MD News" is not available. Check vendor's website for updates.
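
Added example, not part of the original advisory and not MD News code: a PHP sketch of how an admin.php-style handler could address both issues described above, by requiring an authenticated session and by validating and binding the id parameter. The news table, its columns, the is_admin session key and the function names are assumptions; the session is passed in as an array so the script runs from the command line with PDO SQLite.

```php
<?php
// Added example: hypothetical hardened handler for admin.php?action=full&id=N.
// Table/column names and the session key are assumptions, not MD News code.
declare(strict_types=1);

// Issue 2: refuse any request that lacks an authenticated admin session.
function require_admin(array $session): bool
{
    return ($session['is_admin'] ?? false) === true;
}

// Issue 1: accept only a positive decimal integer, then bind it as a parameter.
function fetch_news(PDO $db, string $rawId): ?array
{
    if (!ctype_digit($rawId) || strlen($rawId) > 9) {
        return null;   // non-numeric input never reaches the query
    }
    $stmt = $db->prepare('SELECT id, title, body FROM news WHERE id = :id');
    $stmt->bindValue(':id', (int) $rawId, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Constructed in-memory database so the example runs offline.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE news (id INTEGER PRIMARY KEY, title TEXT, body TEXT)');
$db->exec("INSERT INTO news VALUES (1, 'Hello', 'First post')");

// Constructed requests: [session contents, id parameter].
$requests = [
    [[], '1'],                                            // no admin session
    [['is_admin' => true], '1'],                          // authenticated, valid id
    [['is_admin' => true], '-1 union select 1,2,3,4,5'],  // id string from the advisory
];
foreach ($requests as [$session, $id]) {
    if (!require_admin($session)) {
        echo "403 Forbidden\n";
        continue;
    }
    $row = fetch_news($db, $id);
    echo $row === null ? "Invalid or unknown id\n" : "OK: {$row['title']}\n";
}
```

In a deployed script the session array would come from $_SESSION after session_start(), set only by a login step that verifies credentials.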