Authentication Bypass Vulnerability in CALimba
Summary
- Vulnerability: Authentication Bypass Vulnerability in CALimba
- Discovered: 2006.02.07
- Last Update: 2006.02.17 Exploitation code published
- ID: EV0068
- CVE: CVE-2006-0693
- Risk Level: medium
- Type: SQL Injection
- Status: Unpatched. Vendor notified.
- Vendor: n/a
- Vulnerable Software: CALimba (http://www.errebit.com/opensource/index.php?rb=calimba)
- Version: 0.99.2, 0.99.1 and earlier
- PoC/Exploit: Available
- Solution: Not available
- Discovered by: Aliaksandr Hartsuyeu (eVuln.com)
Description
A SQL injection vulnerability was found in the CALimba (http://www.errebit.com/opensource/index.php?rb=calimba) script.
Vulnerable script: rb/cls/rb_auth.php
The $login and $password variables are not properly sanitized before being used in a SQL query. This can be used to bypass authentication or to run arbitrary SQL queries by injecting SQL code.
Condition: magic_quotes_gpc is off
PoC/Exploit
Authentication Bypass Example:
Url: http://host/calimba/login.php
Login: ') or 1/*
Password: any
Solution
A solution for "Authentication Bypass Vulnerability in CALimba" is not available. Check the vendor's website for updates.
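The following is an added example, not code from CALimba or from the original advisory. It shows why a login query built by string concatenation accepts the login value listed above, and how binding the values as parameters closes the hole. The table layout, the query shape and the use of SQLite in place of the application's database are assumptions, since the advisory does not show the query in rb/cls/rb_auth.php.

```python
import sqlite3


def make_db():
    """In-memory database with one constructed account (assumed schema)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (login TEXT, password TEXT)")
    # Plaintext password only to keep the example short; a real
    # application should store and compare password hashes.
    db.execute("INSERT INTO users VALUES ('admin', 's3cret-constructed')")
    return db


def login_concatenated(db, login, password):
    """Vulnerable pattern: request values are pasted into the SQL text.

    With magic_quotes_gpc off, quotes in the input reach the query
    unescaped, so the input can close the string literal and the
    parenthesis and then comment out the password check.
    """
    sql = ("SELECT login FROM users WHERE (login='" + login +
           "') AND (password='" + password + "')")
    try:
        return db.execute(sql).fetchone() is not None
    except sqlite3.Error:
        return False  # input produced malformed SQL


def login_parameterized(db, login, password):
    """Hardened pattern: values are bound and never parsed as SQL."""
    sql = "SELECT login FROM users WHERE login = ? AND password = ?"
    return db.execute(sql, (login, password)).fetchone() is not None


def compare(login, password):
    """Return (concatenated_result, parameterized_result) for one attempt."""
    db = make_db()
    return (login_concatenated(db, login, password),
            login_parameterized(db, login, password))


if __name__ == "__main__":
    # Login value taken from the advisory; the password is arbitrary.
    print("advisory input :", compare("') or 1/*", "any"))
    print("valid account  :", compare("admin", "s3cret-constructed"))
    print("wrong password :", compare("admin", "wrong"))
```

Relying on magic_quotes_gpc is not a fix: the setting was removed from later PHP versions, and bound parameters do not depend on any input-escaping configuration.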