Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

bugtraq logo Bugtraq mailing list archives

[eVuln] DSLogin Authentication Bypass Vulnerability
From: alex () evuln com
Date: 27 Mar 2006 12:32:01 -0000
New eVuln Advisory:
DSLogin Authentication Bypass Vulnerability
http://evuln.com/vulns/100/summary.html

--------------------Summary----------------
eVuln ID: EV0100
CVE: CVE-2006-1238
Software: DSLogin
Sowtware's Web Site: http://dsportal.uw.hu/
Versions: 1.0
Critical Level: Moderate
Type: SQL Injection
Class: Remote
Status: Unpatched. No reply from developer(s)
PoC/Exploit: Not Available
Solution: Not Available
Discovered by: Aliaksandr Hartsuyeu (eVuln.com)

-----------------Description---------------
Vulnerable scripts:
index.php
admin/index.php

Variable $log_userid isn't properly sanitized before being used in SQL query. This can be used to bypass authentication 
using SQL injection and make any SQL query by injecting arbitrary SQL code.

Condition: magic_quotes_gpc = off

--------------PoC/Exploit----------------------
Waiting for developer(s) reply.
If there is no reply exploitation code will be published in 10 days
http://evuln.com/vulns/100/exploit.html

--------------Solution---------------------
No Patch available.

--------------Credit-----------------------
Discovered by: Aliaksandr Hartsuyeu (eVuln.com)


Regards,
Aliaksandr Hartsuyeu
http://evuln.com - Penetration Testing Services
.

  By Date           By Thread  

Current thread:
  • [eVuln] DSLogin Authentication Bypass Vulnerability alex (Mar 27)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]