Miniweb 2.0 Admin bypass

vendor:

Miniweb 2.0

by:

bizzit

7.5

CVSS

HIGH

Admin bypass

287

CWE

Product Name: Miniweb 2.0

Affected Version From: 2

Affected Version To: 2

Patch Exists: YES

Related CWE: N/A

CPE: miniweb2.com

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2008

By entering 'union select 1#' in the username field and pressing login, an attacker can bypass authentication and gain admin access.

Mitigation:

Ensure that authentication is properly implemented and that user input is properly sanitized.

Source

Exploit-DB raw data:

##############################################################################
# Miniweb 2.0 Admin bypass
##############################################################################
# Type:
# 'union select 1#
# in the username field and press login, you are admin!
#
# download: http://www.miniweb2.com/
##############################################################################
# Found by bizzit
#
# Contact: bizzit[at]live.de
##############################################################################
# Greetz to:
# Suicide, ReED, h0yt3r, J0hn^x3r, tmh, n00bor, Five-Three-Nine, electron1x,
# Nazrek, Free-Hack and Sys-Flaw
##############################################################################

# milw0rm.com [2008-12-28]