Authentication Bypass in inTouch

Summary

Vulnerability
Authentication Bypass in inTouch
Discovered
2006.01.01
Last Update
0 n/a
ID
EV0008
CVE
CVE-2006-0088
Risk Level
medium
Type
SQL Injection
Status
Unpatched
Vendor
n/a
Vulnerable Software
inTouch (http://intouch.sourceforge.net/)
Version
0.5.1 Alpha
PoC/Exploit
Available
Solution
Not available
Discovered by
Aliaksandr Hartsuyeu (eVuln.com)

Description

SQL Injection found in inTouch (http://intouch.sourceforge.net/) script.

Vulnerable scripts: intouch.lib.php

Variable $user isn't properly sanitized before being used in a SQL query. This can be used to enter administrator area without password.

Condition: magic_quotes_gpc = off

PoC/Exploit

Link: http://host/index.php

username: a' or 'a'='a'/*

password: anypassword

Solution.

Solution for "Authentication Bypass in inTouch" is not available. Check vendor's website for updates.