Authentication Bypass in Magic Calendar Lite

Summary

Vulnerability
Authentication Bypass in Magic Calendar Lite
Discovered
2006.02.09
Last Update
2006.02.19 Exploitation code published
ID
EV0071
CVE
CVE-2006-0673
Risk Level
medium
Type
SQL Injection
Status
Unpatched. No reply from developer(s)
Vendor
Reamday Enterprises (http://reamdaysoft.com)
Vulnerable Software
Magic Calendar Lite (http://reamdaysoft.com/customers/index.php?menu=127)
Version
1.02
PoC/Exploit
Available
Solution
Not available
Discovered by
Aliaksandr Hartsuyeu (eVuln.com)

Description

SQL Injection found in Magic Calendar Lite (http://reamdaysoft.com/customers/index.php?menu=127) script.

Vulnerable script: cms/index.php

Variables $total_login $total_password are not properly sanitized before being used in a SQL query. This can be used to pass authorization or make any SQL query by injecting arbitrary SQL code.

Condition: magic_quotes_gpc - off

PoC/Exploit

Authentication Bypass Example:

Url: http://host/path/cms/index.php
Login: ' or 1/*
Password: any

Solution.

Solution for "Authentication Bypass in Magic Calendar Lite" is not available. Check Reamday Enterprises website for updates.