CableTEL's Triple Play v1.0 (login.php) Remote Login Bypass SQL Injection Vuln

Title: CableTEL's Triple Play v1.0 (login.php) Remote Login Bypass SQL Injection Vuln
Advisory ID: ZSL-2010-4925
Type: Remote
Impact: Security Bypass, Exposure of Sensitive Information
Risk: (3/5)
Release Date: 22.02.2010
Summary
Triple Play is a PHP script that CableTEL offers its clients to check their internet traffic status.
Description
Triple Play suffers from a security bypass vulnerability in login.php that is exploitable through SQL injection. The login page is meant to be accessible only to CableTEL's users. The script fails to sanitize the user/pass input on the login page, allowing an attacker to bypass the security mechanism and view sensitive information that can be further used in a social engineering attack and similar.
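The flaw class described above, shown as an added example that is not CableTEL's code and not part of the original advisory: a login check that pastes user/pass into the SQL text beside one that binds the username and verifies the password outside the query. The table, column names, sample account, function names and the use of in-memory SQLite through PDO are all assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Constructed fixture: in-memory SQLite with one sample account.
// Schema and names are assumptions, not taken from Triple Play.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (username TEXT PRIMARY KEY, pass_sha1 TEXT, pass_hash TEXT)');
$db->prepare('INSERT INTO users VALUES (?, ?, ?)')->execute([
    'subscriber01',
    sha1('correct-horse'),                             // legacy column used by the weak query
    password_hash('correct-horse', PASSWORD_DEFAULT),  // column used by the hardened path
]);

// Weak pattern: request values are pasted into the SQL text, so a quote
// in $user ends the string literal and the rest is parsed as SQL.
function login_concatenated(PDO $db, string $user, string $pass): bool
{
    $sql = "SELECT COUNT(*) FROM users WHERE username = '$user' AND pass_sha1 = '" . sha1($pass) . "'";
    return (int) $db->query($sql)->fetchColumn() > 0;
}

// Hardened pattern: the username is bound as a parameter and the password
// is checked in PHP against a salted hash, never compared inside the query.
function login_prepared(PDO $db, string $user, string $pass): bool
{
    $st = $db->prepare('SELECT pass_hash FROM users WHERE username = ?');
    $st->execute([$user]);
    $hash = $st->fetchColumn();
    return is_string($hash) && password_verify($pass, $hash);
}

// Regression inputs (constructed): a username carrying a quote and a SQL
// comment marker, plus wrong and correct credentials for the real account.
$cases = [
    ["subscriber01' -- ", 'wrong-password'],
    ['subscriber01', 'wrong-password'],
    ['subscriber01', 'correct-horse'],
];
foreach ($cases as [$user, $pass]) {
    printf("%-20s concatenated=%-8s prepared=%s\n",
        json_encode($user),
        login_concatenated($db, $user, $pass) ? 'accepted' : 'rejected',
        login_prepared($db, $user, $pass) ? 'accepted' : 'rejected');
}
```

The first case is the one to keep as a regression test once a login script has been moved to bound parameters.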
Vendor
CableTEL DOOEL / Кејблтел ДООЕЛ - http://www.cabletel.com.mk
Affected Version
1.0
Tested On
Microsoft Windows XP Professional SP3 (English)
Vendor Status
[23.12.2009] Vendor has some knowledge of the vulnerability.
PoC
cabletel-login.txt
Credits
Vulnerability discovered by Gjoko Krstic - <gjoko@zeroscience.mk>
References
[1] http://www.packetstormsecurity.org/filedesc/cabletel-sql.txt.html
Changelog
[22.02.2010] - Initial release
[23.02.2010] - Added reference [1]
Contact
Zero Science Lab

Web: http://www.zeroscience.mk
e-mail: lab@zeroscience.mk