Authentication Bypass in SZUserMgnt
Summary
- Vulnerability
- Authentication Bypass in SZUserMgnt
- Discovered
- 2006.01.26
- Last Update
- 0 n/a
- ID
- EV0053
- CVE
- CVE-2006-0491
- Risk Level
- medium
- Type
- SQL Injection
- Status
- Unpatched
- Vendor
- n/a
- Vulnerable Software
- SZUserMgnt (http://www.subzane.com)
- Version
- 1.4
- PoC/Exploit
- Available
- Solution
- Not available
- Discovered by
- Aliaksandr Hartsuyeu (eVuln.com)
Description
SQL Injection found in SZUserMgnt (http://www.subzane.com) script.
Vulnerable script: SZUserMgnt.class.php
Variable $username isn't properly sanitized before being used in a SQL query. This can be used to bypass authentication or make any SQL query by injecting arbitrary SQL code.
All applications based on "SZUserMgnt class" are vulnerable.
Condition: magic_quotes_gpc - off
PoC/Exploit
Authentication Bypass Example.
link: http://host/szusermgnt/www/login.php
Username: ' or 1/*
Password: any
Solution.
Solution for "Authentication Bypass in SZUserMgnt" is not available. Check vendor's website for updates.