SQL Injection Vulnerability in Ruperts News Script

Summary

Vulnerability: SQL Injection Vulnerability in Ruperts News Script
Discovered: 2006.04.29
Last Update: 2006.05.09 Exploitation code published
ID: EV0128
CVE: CVE-2006-2135
Risk Level: medium
Type: SQL Injection
Status: Unpatched. No reply from developer(s)
Vendor: n/a
Vulnerable Software: Ruperts News Script (http://www.electioneering.net/scripts.php)
Version: 2004/10/14
PoC/Exploit: Available
Solution: Available
Discovered by: Aliaksandr Hartsuyeu (eVuln.com)

Description

An SQL injection vulnerability was found in Ruperts News Script (http://www.electioneering.net/scripts.php).

SQL Injection.

Vulnerable script: login.php

The username parameter is not properly sanitized before being used in an SQL query. This can be used to bypass authentication or to run any SQL query by injecting arbitrary SQL code.

Condition: magic_quotes_gpc = off

PoC/Exploit

1. SQL Injection Example.

URL: http://[host]/cpanel.php
Username: ' union select 1,2,3,4,5/*
Password:

Solution.

To fix this problem, install or upgrade to the latest version.
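
The authentication bypass described above, next to a parameterized fix. This is an added example, not code from Ruperts News Script: the five-column users table, the function names and the in-memory SQLite database are assumptions chosen so the PoC string from this page can be run offline against both query styles.

```php
<?php
// Added illustration, not Ruperts News Script source. The five-column `users`
// table and both function names are assumptions made for this example.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER, username TEXT, password TEXT, email TEXT, level INTEGER)');
// Constructed sample account. A bare SHA-256 digest keeps the example short;
// production code should store password_hash() output and use password_verify().
$ins = $db->prepare('INSERT INTO users VALUES (1, ?, ?, ?, 1)');
$ins->execute(['editor', hash('sha256', 'correct horse'), 'editor@example.test']);

// Pattern the advisory describes: username is pasted into the SQL text.
function login_concatenated(PDO $db, string $username, string $password): bool
{
    $sql = "SELECT * FROM users WHERE username = '$username' AND password = '"
         . hash('sha256', $password) . "'";
    return $db->query($sql)->fetch() !== false;   // any returned row counts as a login
}

// Hardened form: the values are bound, so they never become SQL syntax.
function login_prepared(PDO $db, string $username, string $password): bool
{
    $stmt = $db->prepare('SELECT id FROM users WHERE username = ? AND password = ?');
    $stmt->execute([$username, hash('sha256', $password)]);
    return $stmt->fetch() !== false;
}

// Constructed test inputs; the last one is the PoC username from this page.
$cases = [
    'valid credentials'  => ['editor', 'correct horse'],
    'wrong password'     => ['editor', 'guess'],
    'PoC from this page' => ["' union select 1,2,3,4,5/*", ''],
];
foreach ($cases as $label => [$u, $p]) {
    printf("%-20s concatenated=%-5s prepared=%s\n", $label,
        var_export(login_concatenated($db, $u, $p), true),
        var_export(login_prepared($db, $u, $p), true));
}
```

With bound parameters the fix does not depend on magic_quotes_gpc, which is the condition the advisory lists for the flaw.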