Fuju News SQL Injection and Authentication Bypass Vulnerabilities
BID:17572
Info
Fuju News SQL Injection and Authentication Bypass Vulnerabilities
| Bugtraq ID: | 17572 |
| Class: | Unknown |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Apr 17 2006 12:00AM |
| Updated: | Apr 18 2006 07:56PM |
| Credit: | snatcher <[email protected]> is credited with the discovery of these vulnerabilities. |
| Vulnerable: |
Clanscripte.net Fuju News 1.0 |
| Not Vulnerable: | |
Discussion
Fuju News SQL Injection and Authentication Bypass Vulnerabilities
Fuju News is prone to an SQL-injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. A successful exploit could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database implementation.
Fuju News is also susceptible to an authentication-bypass vulnerability. This issue is due to a design flaw that allows attackers to gain administrative access to the application. A successful exploit could allow an attacker to compromise the application.
Fuju News version 1.0 is vulnerable to these issues. Other versions may be affected as well.
Fuju News is prone to an SQL-injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. A successful exploit could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database implementation.
Fuju News is also susceptible to an authentication-bypass vulnerability. This issue is due to a design flaw that allows attackers to gain administrative access to the application. A successful exploit could allow an attacker to compromise the application.
Fuju News version 1.0 is vulnerable to these issues. Other versions may be affected as well.
Exploit / POC
Fuju News SQL Injection and Authentication Bypass Vulnerabilities
These issues can be exploited through a web client.
The following exploit code demonstrates exploiting the SQL-injection vulnerability:
These issues can be exploited through a web client.
The following exploit code demonstrates exploiting the SQL-injection vulnerability:
Solution / Fix
Fuju News SQL Injection and Authentication Bypass Vulnerabilities
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected]:[email protected]
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected]:[email protected]
References
Fuju News SQL Injection and Authentication Bypass Vulnerabilities
References:
References:
- Fuju News Home Page (Clanscripte.net)