Authentication Bypass in miniBloggie

Summary

Vulnerability: Authentication Bypass in miniBloggie
Discovered: 2006.01.23
Last Update: 0 n/a
ID: EV0047
CVE: CVE-2006-0417
Risk Level: medium
Type: SQL Injection
Status: Unpatched
Vendor: myWebland (http://mywebland.neopages.net/)
Vulnerable Software: miniBloggie
Version: 1.0
PoC/Exploit: Available
Solution: Not available
Discovered by: Aliaksandr Hartsuyeu (eVuln.com)

Description

An SQL injection vulnerability was found in the miniBloggie script.

Vulnerable scripts:
login.php

The username and password are not properly sanitized before being used in a SQL query. This can be used to log in as administrator without a password.

Condition: magic_quotes_gpc: off

PoC/Exploit

Login Page:
http://host/minibloggie/login.php

User Name: ' or 1/*
Password: ' or 1/*

Solution

Solution for "Authentication Bypass in miniBloggie" is not available. Check myWebland website for updates.
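
The flaw class described above and its fix, as an added example that is not miniBloggie's code or part of the advisory: a login check that concatenates input into SQL, beside one that binds the user name as a parameter and verifies a password hash. The table layout, function names and the in-memory SQLite database are assumptions; the last test case is the PoC input from this page.

```php
<?php
// Added example: hypothetical schema and function names, not miniBloggie's code.
// In-memory SQLite via PDO is a stand-in chosen so the script runs offline.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (user TEXT PRIMARY KEY, pass TEXT, pass_hash TEXT)');
// Constructed sample account. "pass" models an assumed legacy plaintext column.
$pw = 'constructed-sample-pw';
$db->prepare('INSERT INTO users VALUES (?, ?, ?)')
   ->execute(['admin', $pw, password_hash($pw, PASSWORD_DEFAULT)]);

// Vulnerable pattern: request values are concatenated into the SQL text.
// (Assumed shape of the flaw; the advisory does not show the real query.)
function login_vulnerable(PDO $db, string $user, string $pass): bool
{
    $sql = "SELECT user FROM users WHERE user='$user' AND pass='$pass'";
    try {
        return $db->query($sql)->fetch() !== false;
    } catch (PDOException $e) {
        return false; // input produced malformed SQL
    }
}

// Hardened: the user name is bound as a parameter, so it is only ever data,
// and the password is checked in PHP against a stored hash.
function login_hardened(PDO $db, string $user, string $pass): bool
{
    $st = $db->prepare('SELECT pass_hash FROM users WHERE user = ?');
    $st->execute([$user]);
    $hash = $st->fetchColumn();
    return is_string($hash) && password_verify($pass, $hash);
}

$cases = [
    'valid credentials' => ['admin', $pw],
    'wrong password'    => ['admin', 'nope'],
    'advisory PoC'      => ["' or 1/*", "' or 1/*"],
];
foreach ($cases as $label => [$u, $p]) {
    printf("%-18s vulnerable=%s hardened=%s\n", $label,
        var_export(login_vulnerable($db, $u, $p), true),
        var_export(login_hardened($db, $u, $p), true));
}
```

magic_quotes_gpc was removed in PHP 5.4, so on current PHP the parameter binding, not that setting, is what keeps the input out of the SQL text.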
