Maian Support version 1.0 suffers from a SQL injection flaw allowing for authentication bypass.
283ea12b9fb8215868c76df046f3dd365903dba00cc56ed89772730e5dea9413New eVuln Advisory:
Maian Support Authentication Bypass
http://evuln.com/vulns/103/summary.html
--------------------Summary----------------
eVuln ID: EV0103
CVE: CVE-2006-1259
Software: Maian Support
Sowtware's Web Site: http://www.maianscriptworld.co.uk/
Versions: 1.0
Critical Level: Moderate
Type: SQL Injection
Class: Remote
Status: Unpatched. Developer(s) contacted.
PoC/Exploit: Available
Solution: Not Available
Discovered by: Aliaksandr Hartsuyeu (eVuln.com)
-----------------Description---------------
Vulnerable script: admin/index.php
Parameters email, pass are not properly sanitized before being used in SQL query. This can be used to bypass authentication using SQL injection or make any SQL query by injecting arbitrary SQL code.
Condition: magic_quotes_gpc = off
--------------PoC/Exploit----------------------
Available at: http://evuln.com/vulns/103/exploit.html
Authentication Bypass Example:
URL: http://[host]/admin/index.php? cmd=login
E-Mail Address: ' or 1/*
Password: any
--------------Solution---------------------
No Patch available.
--------------Credit-----------------------
Discovered by: Aliaksandr Hartsuyeu (eVuln.com)
Regards,
Aliaksandr Hartsuyeu
http://evuln.com - Penetration Testing Services
.
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed