New eVuln Advisory: DSLogin Authentication Bypass Vulnerability http://evuln.com/vulns/100/summary.html --------------------Summary---------------- eVuln ID: EV0100 CVE: CVE-2006-1238 Software: DSLogin Sowtware's Web Site: http://dsportal.uw.hu/ Versions: 1.0 Critical Level: Moderate Type: SQL Injection Class: Remote Status: Unpatched. No reply from developer(s) PoC/Exploit: Not Available Solution: Not Available Discovered by: Aliaksandr Hartsuyeu (eVuln.com) -----------------Description--------------- Vulnerable scripts: index.php admin/index.php Variable $log_userid isn't properly sanitized before being used in SQL query. This can be used to bypass authentication using SQL injection and make any SQL query by injecting arbitrary SQL code. Condition: magic_quotes_gpc = off --------------PoC/Exploit---------------------- Waiting for developer(s) reply. If there is no reply exploitation code will be published in 10 days http://evuln.com/vulns/100/exploit.html --------------Solution--------------------- No Patch available. --------------Credit----------------------- Discovered by: Aliaksandr Hartsuyeu (eVuln.com) Regards, Aliaksandr Hartsuyeu http://evuln.com - Penetration Testing Services .
