Vendor: Front Door
By: N/A
CVSS: 7.5 (HIGH)
CWE: 89 (SQL Injection)
Product Name: Front Door
Affected Version From: 0.4b
Affected Version To: 0.4b
Patch Exists: N/A
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Windows XP SP3 with MySQL
SQL Injection in Login User Name Field
The login user name field of the Front Door software version 0.4b is vulnerable to SQL injection. An attacker can exploit this vulnerability by entering a malicious SQL query in the user name field. For example, ' OR username IS NOT NULL OR username = ' can be used to bypass authentication.
Mitigation:
Developers should use parameterized queries to prevent SQL injection attacks.
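
The mitigation above, shown as an added example that is not Front Door's own code: the same login lookup written once with string concatenation and once with a parameterized query, run against the user name input quoted in the description. The table layout, column names, function names and sample row are assumptions, and an in-memory SQLite database stands in for the MySQL backend the advisory was tested on.

```python
import sqlite3

# User name input quoted in the advisory description above.
ADVISORY_INPUT = "' OR username IS NOT NULL OR username = '"


def make_db():
    """Constructed in-memory table; the schema and row are assumptions."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT, pw_hash TEXT)")
    db.execute("INSERT INTO users VALUES (?, ?)", ("admin", "constructed-hash"))
    return db


def login_concatenated(db, username, pw_hash):
    """Vulnerable pattern: input is spliced into the SQL text itself."""
    sql = ("SELECT username FROM users WHERE username = '" + username +
           "' AND pw_hash = '" + pw_hash + "'")
    # AND binds tighter than OR, so the injected "username IS NOT NULL"
    # term matches every row regardless of the password comparison.
    return db.execute(sql).fetchone()


def login_parameterized(db, username, pw_hash):
    """Mitigated pattern: placeholders keep input as data, never as SQL."""
    sql = "SELECT username FROM users WHERE username = ? AND pw_hash = ?"
    return db.execute(sql, (username, pw_hash)).fetchone()


def demo():
    """Run both lookups and return the matched row (or None) for each case."""
    db = make_db()
    return {
        "concat_with_advisory_input": login_concatenated(db, ADVISORY_INPUT, "wrong"),
        "param_with_advisory_input": login_parameterized(db, ADVISORY_INPUT, "wrong"),
        "param_with_valid_login": login_parameterized(db, "admin", "constructed-hash"),
    }


if __name__ == "__main__":
    for case, row in demo().items():
        print(case, "->", row)
```

The `demo()` cases can be kept as a regression test so that a later refactor back to string building fails immediately.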