FlexCustomer <= 0.0.4 sql injection



FlexCustomer <= 0.0.4 sql injection

Discovered by: Nomenumbra
Date: 6/4/2006
impact:high (privilege escalation,defacement)

FlexCustomer versions 0.0.4 and below are vulnerable to and SQL injection in the common user and admin-panel
login as follows (it really is SQL-injection 101 you know....):

a' or '1' = '1

The piece of vulnerable code is:

if (!empty($logincheck)){
$sql = "select username,adminid from useradmin where username='$checkuser' and password='$checkpass'";
$results = $db->select($sql);

Doing no sanitizing whatsoever.

Signing off,

Nomenumbra/[0x4F4C]