Authentication Bypass in GuestBookHost

Summary

Vulnerability
Authentication Bypass in GuestBookHost
Discovered
2006.02.01
Last Update
2006.02.11 Exploitation code published
ID
EV0056
CVE
CVE-2006-0542
Risk Level
medium
Type
SQL Injection
Status
Unpatched
Vendor
n/a
Vulnerable Software
GuestBookHost (http://nukedweb.memebot.com/)
Version
2005.04.25
PoC/Exploit
Available
Solution
Not available
Discovered by
Aliaksandr Hartsuyeu (eVuln.com)

Description

SQL Injection found in GuestBookHost (http://nukedweb.memebot.com/) script.

Vulnerable script:
config.php

Variables $email $password are not properly sanitized before being used in a SQL query. This can be used to pass authentication without password.

Condition: magic_quotes_gpc - off

PoC/Exploit

SQL Injection Example:

Link: http://host/guestbookhost/edit.php
Email: ' or 1/*
Password: any

Solution.

Solution for "Authentication Bypass in GuestBookHost" is not available. Check vendor's website for updates.