UltraCMS Input Validation Flaw in Username and Password Fields Lets Remote Users Inject SQL Commands
|
|
SecurityTracker Alert ID: 1017096
|
|
SecurityTracker URL: http://securitytracker.com/id?1017096
|
|
CVE Reference: CVE-2006-5491
(Links to External Site)
|
Updated: Jun 3 2008
|
Original Entry Date: Oct 20 2006
|
Impact: Disclosure of system information, Disclosure of user information, User access via network
|
Exploit Included: Yes
|
Version(s): 0.9
|
Description: A vulnerability was reported in UltraCMS. A remote user can inject SQL commands.
The software does not properly validate user-supplied input in the username and password parameters. A remote user can supply a
specially crafted parameter value to execute SQL commands on the underlying database.
A demonstration exploit is provided:
user:
'or''='
pass: 'or''='
fireboy discovered this vulnerability.
|
Impact: A remote user can execute SQL commands on the underlying database.
|
Solution: No solution was available at the time of this entry.
|
Vendor URL: www.ceary.com/ (Links to External Site)
|
Cause: Input validation error
|
Underlying OS: Linux (Any), UNIX (Any), Windows (Any)
|
Reported By: fireboy2006@gmail.com
|
Message History:
None.
|
Source Message Contents
|
Date: Thu, 19 Oct 2006 01:03:09 +0000
From: fireboy2006@gmail.com
Subject: UltraCMS 0.9 sql injection
|
****************************
* Tunis the 18 October 2006*
* bug found by fireboy *
****************************
product:UltraCMS 0.9
there is an sql injection problem in UltraCMS 0.9 and it can be exploited to gain admin privileges.
exploit:
user: 'or''='
pass: 'or''='
example : http://www.target.com/include/index.php
thx
|
|
