Authentication Bypass Vulnerability in CALimba
- Authentication Bypass Vulnerability in CALimba
- Last Update
- 2006.02.17 Exploitation code published
- Risk Level
- SQL Injection
- Unpatched. Vendor notyfied.
- Vulnerable Software
- CALimba (http://www.errebit.com/opensource/index.php?rb=calimba)
- 0.99.2, 0.99.1 and earlier
- Not available
- Discovered by
- Aliaksandr Hartsuyeu (eVuln.com)
SQL Injection found in CALimba (http://www.errebit.com/opensource/index.php?rb=calimba) script.Vulnerable script: rb/cls/rb_auth.php
Variables $login $password are not properly sanitized before being used in a SQL query. This can be used to pass authorization or make any SQL query by injecting arbitrary SQL code.
Condition: magic_quotes_gpc - off
PoC/ExploitAuthentication Bypass Example:
Login: ') or 1/*
Solution for "Authentication Bypass Vulnerability in CALimba" is not available. Check vendor's website for updates.
Order Source Code Analysis
You may order source code audit of a site made by Aliaksandr Hartsuyeu.The work will be done by experts in website security.