Authentication Bypass in VEGO Links Builder
- Authentication Bypass in VEGO Links Builder
- Last Update
- 0 n/a
- Risk Level
- SQL Injection
- VEGO (http://alas.matf.bg.ac.yu/~mr99067)
- Vulnerable Software
- VEGO Links Builder
- Not available
- Discovered by
- Aliaksandr Hartsuyeu (eVuln.com)
SQL Injection found in VEGO Links Builder script.
Vulnerable script: login.php
Variable $username isn't properly sanitized before being used in a SQL query. This can be used to enter administrator area without password.
Condition: magic_quotes_gpc = off
username: a' or 1/*
Solution for "Authentication Bypass in VEGO Links Builder" is not available. Check VEGO website for updates.
Order Source Code Analysis
Prevent attacks by source code analysis of your site or web application made by our team.The work will be done by experts in web security.