SQL injection Auth Bypass in Easy Banner Free
Summary
- Vulnerability: SQL injection Auth Bypass in Easy Banner Free
- Discovered: 2010.11.15
- Last Update: n/a n/a
- ID: EV0147
- CVE: n/a
- Risk Level: medium
- Type: SQL injection
- Status: Unpatched. Vendor notified. No reply from developer(s)
- Vendor: PHP Web Scripts (http://phpwebscripts.com/)
- Vulnerable Software: Easy Banner Free
- Version: 2009.05.18
- PoC/Exploit: Available
- Solution: Not available
- Discovered by: Aliaksandr Hartsuyeu (eVuln.com)
Description
An SQL injection vulnerability was found in the Easy Banner Free script.
- Auth Bypass using SQL Injection
- The vulnerability exists in the member.php script. The user-supplied parameters username and password are not properly sanitized against SQL injection. This can be used to bypass authentication or to execute arbitrary SQL queries.
PoC/Exploit
Auth Bypass example.
Authentication bypass in member.php is possible using one of the following SQL injections:
username: ' or 1#
password: ' or 'a'='a
Condition.
magic_quotes_gpc = off
Solution.
A solution for "SQL injection Auth Bypass in Easy Banner Free" is not available. Check the PHP Web Scripts website for updates.
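With no vendor fix available, one way to close this class of bug in a login check is to bind the username as a query parameter and verify the password against a stored hash outside SQL. This is an added example, not code from Easy Banner Free or its vendor; the function name check_login, the table members and the columns username and pass_hash are hypothetical, and an in-memory SQLite database with constructed sample data stands in for the application's database.

```php
<?php
// Added example, not Easy Banner Free code. The names check_login, members,
// username and pass_hash are hypothetical.

function check_login(PDO $pdo, string $username, string $password): bool
{
    // The username is bound as data, so quotes and '#' are never parsed as SQL.
    $stmt = $pdo->prepare('SELECT pass_hash FROM members WHERE username = :u');
    $stmt->execute([':u' => $username]);
    $hash = $stmt->fetchColumn();   // false when no row matches

    // The password never reaches the SQL layer; it is checked against the hash.
    return is_string($hash) && password_verify($password, $hash);
}

// Constructed sample data in an in-memory SQLite database, so this runs offline.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE members (username TEXT PRIMARY KEY, pass_hash TEXT NOT NULL)');
$ins = $pdo->prepare('INSERT INTO members (username, pass_hash) VALUES (?, ?)');
$ins->execute(['alice', password_hash('correct horse', PASSWORD_DEFAULT)]);

$cases = [
    ['alice', 'correct horse'],   // valid credentials
    ['alice', "' or 'a'='a"],     // password input from the advisory
    ["' or 1#", 'anything'],      // username input from the advisory
];
foreach ($cases as [$u, $p]) {
    $result = check_login($pdo, $u, $p) ? 'accepted' : 'rejected';
    printf("%-12s %-16s => %s\n", $u, $p, $result);
}
```

The same check works unchanged against MySQL through a `mysql:` PDO DSN. It does not depend on magic_quotes_gpc, which was removed in PHP 5.4 and should not be relied on as a defense.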