[eVuln] phpstatus Authentication Bypass



New eVuln Advisory:
phpstatus Authentication Bypass
http://evuln.com/vulns/61/summary.html

--------------------Summary----------------
eVuln ID: EV0061
CVE: CVE-2006-0570 CVE-2006-0571 CVE-2006-0572
Vendor: Hinton Design
Vendor's Web Site: http://www.hintondesign.org
Software: phpstatus
Sowtware's Web Site: http://www.hintondesign.org/downloads/view_cat.php?cat_id=92
Versions: 1.0
Critical Level: Moderate
Type: SQL Injection
Class: Remote
Status: Unpatched. No reply from developer(s)
Exploit: Available
Solution: Not Available
Discovered by: Aliaksandr Hartsuyeu (eVuln.com)

-----------------Description---------------
Vulnerable script: check.php

There are two ways to bypass authentication:

a) SQL Injection
Variable $HTTP_POST_VARS[username] isn't properly sanitized before being used in a SQL query. This can be used to make any SQL query by injecting arbitrary SQL code.
Condition: magic_quotes_gpc - off

b) Cookie based authentication
check.php script dont make password comparisson when identifying user by cookies

Multiple Cross-Site Scripting & Multiple SQL Injections vulnerabilities are present in administrator's control panel.

--------------Exploit----------------------
Available at: http://evuln.com/vulns/61/exploit.html

--------------Solution---------------------
No Patch available.

--------------Credit-----------------------
Discovered by: Aliaksandr Hartsuyeu (eVuln.com)



Relevant Pages

  • RE: SBS 2003 Activesync Problem-getting 0x85010004 error on the PD
    ... Please open IIS manager console, navigate to Web Sites->Default Web Site ... Click Directory Security tap, Under Authentication and access control, ... When opening a new thread via the web interface, we recommend you check the ...
    (microsoft.public.windows.server.sbs)
  • RE: SBS 2003 Activesync Problem-getting 0x85010004 error on the PDA
    ... when access Activesync on PDA. ... Please open IIS manager console, navigate to Web Sites->Default Web Site ... Click Directory Security tap, Under Authentication and access control, ...
    (microsoft.public.windows.server.sbs)
  • RE: CEICW-OMA errors
    ... Please double confirm the settings of the default Web Site settings as ... Open IIS Manager, navigate Web site -> Default Web Site, right click it ... Authentication Methods: ...
    (microsoft.public.windows.server.sbs)
  • Re: OWA and RWW not accessible.
    ... In Authentication and Access Control... ... Is all of this correct on your SBS server? ... Open the Web site home page, and then look for links to the information ...
    (microsoft.public.windows.server.sbs)
  • Re: IIS 6 Integrated Authentication and IE 6 - security credential
    ... My server is in a domain. ... :> NTLM authentication by setting the NTAuthenticationProviders metabase ... :>>> If I reconfigure the web site so that it runns in an application ... :>>> associated with the default Network Service identity then the request ...
    (microsoft.public.inetserver.iis.security)