
Infoproject Biznis Heroj (login.php) Authentication Bypass Vulnerability

Medium
Advisory ID
ZSL-2011-5065
Release Date
21 December 2011
Vendor
Infoproject DOO - http://www.biznisheroj.mk
Affected Version
Plus, Pro and Extra
Tested On
Apache, PHP
Summary

Biznis Heroj or Business Hero is the first software on the Macedonian market that will help you manage your business processes in your company, such as accounting, production, acquisition, archiving, inventory, and the Cloud. Using the Cloud technology, Biznis Heroj allows you to access the system from any computer at any time through any internet browser.

Description

The vulnerability is caused by an error in the logon authentication script (login.php). It can be exploited to bypass the login procedure by supplying SQL injection input in the 'username' and 'password' POST parameters, which gives the attacker admin privileges.
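
The bug class described above, shown as an added example (it is not the vendor's login.php and not part of the original advisory): a login query built by string concatenation beside a bound-parameter version that checks the password hash in PHP. The table layout, function names and sample account are assumptions, and the script needs the pdo_sqlite extension.

```php
<?php
declare(strict_types=1);

// Constructed schema and account; the real application's tables are not on the page.
function make_db(): PDO {
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE users (username TEXT PRIMARY KEY, pw_hash TEXT, role TEXT)');
    $ins = $db->prepare('INSERT INTO users VALUES (?, ?, ?)');
    $ins->execute(['admin', password_hash('correct horse battery', PASSWORD_DEFAULT), 'admin']);
    return $db;
}

// Flawed pattern (the bug class in the advisory): POST values are pasted into the
// SQL text, so the submitted strings can rewrite the WHERE clause.
function login_concat(PDO $db, string $user, string $pass): ?string {
    $sql = "SELECT role FROM users WHERE username = '$user' AND pw_hash = '$pass'";
    try {
        $role = $db->query($sql)->fetchColumn();
    } catch (PDOException $e) {
        return null; // the input produced malformed SQL
    }
    return $role === false ? null : (string) $role;
}

// Hardened: the username is a bound parameter and the password never enters the
// SQL text; it is verified in PHP against the stored hash.
function login_bound(PDO $db, string $user, string $pass): ?string {
    $st = $db->prepare('SELECT pw_hash, role FROM users WHERE username = :u');
    $st->execute([':u' => $user]);
    $row = $st->fetch(PDO::FETCH_ASSOC);
    if ($row === false || !password_verify($pass, $row['pw_hash'])) {
        return null;
    }
    return $row['role'];
}

$db = make_db();
$probe = "' OR '1'='1"; // constructed textbook input, sent in both fields
var_dump(login_concat($db, $probe, $probe));                  // concatenated query
var_dump(login_bound($db, $probe, $probe));                   // same input, bound
var_dump(login_bound($db, 'admin', 'correct horse battery')); // legitimate login
```

Only the concatenated version returns a role for the quote-bearing input; the bound version treats the same string as a literal username that does not exist.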

Proof of Concept
Disclosure Timeline
14.12.2011 - Vulnerability discovered.
15.12.2011 - Contact with the vendor.
20.12.2011 - No response from the vendor.
21.12.2011 - Public security advisory released.
Credits
Vulnerability discovered by Gjoko Krstic
References
Changelog
21.12.2011 - Initial release
22.12.2011 - Added reference [4], [5] and [6]
24.11.2011 - Added reference [7]
15.01.2012 - Added reference [8] and [9]