Vulnerability Summary Vulnerability: adminname Authentication Bypass in ScozBook Discovered: 2006-01-02 Last Update: n/a ID: EV0011 CVE: CVE-2006-0079 Risk Level: medium Type: SQL Injection Status: Unpatched Vendor: ScozNet (http://www.scoznet.com/) Vulnerable Software: ScozBook (http://sourceforge.net/projects/scozbook/) Version: BETA 1.1 PoC/Exploit: Available Solution: Not available Discovered by: Aliaksandr Hartsuyeu (eVuln.com) Description Vulnerable scripts: auth.php Variable $adminname isn't properly sanitized before being used in a SQL query. Script /auth.php from main directory registers session with $adminname and $adminpass variables which used by scripts from /admin/ directory. Condition: magic_quotes_gpc = off PoC/Exploit Link: http://host/auth.php username: a' or 'a'='a'/ password: anypassword Solution Solution for "adminname Authentication Bypass in ScozBook" is not available**. Check ScozNet website for updates.