Authentication Bypass in Magic Calendar Lite
Summary
- Vulnerability
- Authentication Bypass in Magic Calendar Lite
- Discovered
- 2006.02.09
- Last Update
- 2006.02.19 Exploitation code published
- ID
- EV0071
- CVE
- CVE-2006-0673
- Risk Level
- medium
- Type
- SQL Injection
- Status
- Unpatched. No reply from developer(s)
- Vendor
- Reamday Enterprises (http://reamdaysoft.com)
- Vulnerable Software
- Magic Calendar Lite (http://reamdaysoft.com/customers/index.php?menu=127)
- Version
- 1.02
- PoC/Exploit
- Available
- Solution
- Not available
- Discovered by
- Aliaksandr Hartsuyeu (eVuln.com)
Description
SQL Injection found in Magic Calendar Lite (http://reamdaysoft.com/customers/index.php?menu=127) script.
Vulnerable script: cms/index.php
Variables $total_login $total_password are not properly sanitized before being used in a SQL query. This can be used to pass authorization or make any SQL query by injecting arbitrary SQL code.
Condition: magic_quotes_gpc - off
PoC/Exploit
Authentication Bypass Example:
Url: http://host/path/cms/index.php
Login: ' or 1/*
Password: any
Solution.
Solution for "Authentication Bypass in Magic Calendar Lite" is not available. Check Reamday Enterprises website for updates.