Description - Multiple Vulnerabilities in phphd
Multiple Vulnerabilities found in phphd script.
1. Authentication Bypass
Vulnerable script: check.php
There are two ways to bypass authentication:
a) SQL Injection
Variable $HTTP_POST_VARS[username] isn't properly sanitized before being used in a SQL query. This can be used to make any SQL query by injecting arbitrary SQL code.
Condition: magic_quotes_gpc - off
b) Cookie based authentication
check.php script dont make password comparisson when identifying user by cookies
2. Multiple Cross-Site Scripting
Vulnerable script: add.php
Most of user-defined data isn't properly sanitized. This can be used to post arbitrary html or script code.
3. Multiple SQL Injections
Vulnerable scripts: all scripts showing some data from database
Most of user-defined data isn't properly sanitized. This can be used to make any SQL query by injecting arbitrary SQL code.
Condition: magic_quotes_gpc - off
Order Source Code Analysis
You may order source code audit of your website or web application made by eVuln team.The work will be done by experts in web application security.