FlexCustomer <= 0.0.4 sql injection

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: FlexCustomer <= 0.0.4 sql injection
From: zerogue@xxxxxxxxx
Date: 6 May 2006 12:54:58 -0000
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm

FlexCustomer <= 0.0.4 sql injection

Discovered by: Nomenumbra
Date: 6/4/2006
impact:high (privilege escalation,defacement)

FlexCustomer versions 0.0.4 and below are vulnerable to and SQL injection in 
the common user and admin-panel
login as follows (it really is SQL-injection 101 you know....):

a' or '1' = '1

The piece of vulnerable code is:

if (!empty($logincheck)){
$sql = "select username,adminid from useradmin where username='$checkuser' and 
password='$checkpass'";
$results = $db->select($sql);

Doing no sanitizing whatsoever.

Signing off,

Nomenumbra/[0x4F4C]

Prev by Date: ChipmunkBoard Multiple Attack vectors
Next by Date: myBloggie <= 2.1.3 XSS
Previous by thread: ChipmunkBoard Multiple Attack vectors
Next by thread: myBloggie <= 2.1.3 XSS
Index(es):
- Date
- Thread