Authentication Bypass Vulnerability in SmE GB Host

Summary

Vulnerability: Authentication Bypass Vulnerability in SmE GB Host
Discovered: 2006.02.06
Last Update: 2006.02.24 CVE entry added
ID: EV0066
CVE: CVE-2006-0661 CVE-2006-0856
Risk Level: medium
Type: SQL Injection
Status: Unpatched. No reply from developer(s)
Vendor: n/a
Vulnerable Software: SmE GB Host (http://www.scriptme.com/)
Version: 1.21
PoC/Exploit: Available
Solution: Not available
Discovered by: Aliaksandr Hartsuyeu (eVuln.com)

Description

SQL Injection found in SmE GB Host (http://www.scriptme.com/) script.

Vulnerable script: sme_admin/login.php

Username value isn't properly sanitized before being used in a SQL query. This can be used to bypass authentication or make any SQL query by injecting arbitrary SQL code.

Condition: magic_quotes_gpc - off

PoC/Exploit

Authorization Bypass Example.

Url: http://host/smegbhost/sme_admin/login.php
Username: ' or 1/*
Password: any

Solution.

Solution for "Authentication Bypass Vulnerability in SmE GB Host" is not available. Check vendor's website for updates.

Authentication Bypass Vulnerability in SmE GB Host

Summary

Description

PoC/Exploit

Solution.

Company

Services

eVuln Labs

eVuln Tools