Authentication Bypass in Wordcircle

Summary

Vulnerability
Authentication Bypass in Wordcircle
Discovered
2006.01.12
Last Update
0 n/a
ID
EV0027
CVE
CVE-2006-0205
Risk Level
medium
Type
SQL Injection
Status
Unpatched
Vendor
n/a
Vulnerable Software
Wordcircle (http://www.wordcircle.org/)
Version
2.17
PoC/Exploit
Available
Solution
Not available
Discovered by
Aliaksandr Hartsuyeu (eVuln.com)

Description

SQL Injection found in Wordcircle (http://www.wordcircle.org/) script.

Vulnerable scripts: v_login.php

User-defined password isn't properly sanitized before being used in a SQL query. This can be used to log in as administrator without password.

Condition: magic_quotes_gpc: off

PoC/Exploit

Login Page:
http://host/index.php?a=login

Enter your email address: any

Enter your password: a' or 1/*

Solution.

Solution for "Authentication Bypass in Wordcircle" is not available. Check vendor's website for updates.