| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: 27 Mar 2006 12:32:01 -0000 From: alex@...ln.com To: bugtraq@...urityfocus.com Subject: [eVuln] DSLogin Authentication Bypass Vulnerability New eVuln Advisory: DSLogin Authentication Bypass Vulnerability http://evuln.com/vulns/100/summary.html --------------------Summary---------------- eVuln ID: EV0100 CVE: CVE-2006-1238 Software: DSLogin Sowtware's Web Site: http://dsportal.uw.hu/ Versions: 1.0 Critical Level: Moderate Type: SQL Injection Class: Remote Status: Unpatched. No reply from developer(s) PoC/Exploit: Not Available Solution: Not Available Discovered by: Aliaksandr Hartsuyeu (eVuln.com) -----------------Description--------------- Vulnerable scripts: index.php admin/index.php Variable $log_userid isn't properly sanitized before being used in SQL query. This can be used to bypass authentication using SQL injection and make any SQL query by injecting arbitrary SQL code. Condition: magic_quotes_gpc = off --------------PoC/Exploit---------------------- Waiting for developer(s) reply. If there is no reply exploitation code will be published in 10 days http://evuln.com/vulns/100/exploit.html --------------Solution--------------------- No Patch available. --------------Credit----------------------- Discovered by: Aliaksandr Hartsuyeu (eVuln.com) Regards, Aliaksandr Hartsuyeu http://evuln.com - Penetration Testing Services .
Powered by blists - more mailing lists