[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

FlexCustomer <= 0.0.4 sql injection

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: FlexCustomer <= 0.0.4 sql injection
From: zerogue@xxxxxxxxx
Date: 6 May 2006 12:54:58 -0000

FlexCustomer <= 0.0.4 sql injection

Discovered by: Nomenumbra
Date: 6/4/2006
impact:high (privilege escalation,defacement)

FlexCustomer versions 0.0.4 and below are vulnerable to and SQL injection in 
the common user and admin-panel
login as follows (it really is SQL-injection 101 you know....):

a' or '1' = '1

The piece of vulnerable code is:

if (!empty($logincheck)){
$sql = "select username,adminid from useradmin where username='$checkuser' and 
password='$checkpass'";
$results = $db->select($sql);

Doing no sanitizing whatsoever.

Signing off,

Nomenumbra/[0x4F4C]

Prev by Date: ChipmunkBoard Multiple Attack vectors
Next by Date: myBloggie <= 2.1.3 XSS
Previous by thread: ChipmunkBoard Multiple Attack vectors
Next by thread: myBloggie <= 2.1.3 XSS
Index(es):
- Date
- Thread