CableTEL's Triple Play v1.0 (login.php) Remote Login Bypass SQL Injection Vuln
Advisory ID: ZSL-2010-4925
Type: Remote
Impact: Security Bypass, Exposure of Sensitive Information
Risk: (3/5)
Release Date: 22.02.2010
Summary
Triple Play is a PHP script that CableTEL offers its clients to check their internet traffic status.
Description
Triple Play is affected by a security bypass vulnerability in login.php that is exploitable through SQL injection. The login page can be accessed only by CableTEL's users. The script fails to sanitize the user/pass fields of the login page, allowing an attacker to bypass the security mechanism and view sensitive information that can be further used in social engineering and similar attacks.
Vendor
CableTEL DOOEL - http://www.cabletel.com.mk
Affected Version
1.0
Tested On
Microsoft Windows XP Professional SP3 (English)
Vendor Status
[23.12.2009] Vendor has some knowledge of the vulnerability.
PoC
cabletel-login.txt
Credits
Vulnerability discovered by Gjoko Krstic - <gjoko@zeroscience.mk>
References
[1] http://www.packetstormsecurity.org/filedesc/cabletel-sql.txt.html
Changelog
[22.02.2010] - Initial release
[23.02.2010] - Added reference [1]
Contact
Zero Science Lab
Web: http://www.zeroscience.mk
e-mail: lab@zeroscience.mk
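
The Description above attributes the bypass to unsanitized user/pass fields in login.php. The following is an added example of a login check that is not affected by that class of flaw; it is not the vendor's code or part of the original advisory. The `subscribers` table, its columns, the `authenticate()` function, the SQLite backend and the use of hashed passwords are all assumptions, since the advisory does not publish the script's schema or source.

```php
<?php
// Added example, not CableTEL's code. Table, column and function names are
// hypothetical; the advisory does not disclose the real schema.
declare(strict_types=1);

function authenticate(PDO $db, string $user, string $pass): bool
{
    // The username is bound to a placeholder, so quotes and SQL keywords in
    // the input are compared as data and never parsed as part of the query.
    $stmt = $db->prepare('SELECT pass_hash FROM subscribers WHERE username = :u');
    $stmt->execute([':u' => $user]);
    $hash = $stmt->fetchColumn();

    if ($hash === false) {
        return false; // no such user
    }
    // The password never enters the SQL text; it is checked against the
    // stored hash in PHP.
    return password_verify($pass, $hash);
}

// Constructed demo data in an in-memory SQLite database (needs pdo_sqlite).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE subscribers (username TEXT PRIMARY KEY, pass_hash TEXT NOT NULL)');
$ins = $db->prepare('INSERT INTO subscribers (username, pass_hash) VALUES (?, ?)');
$ins->execute(['alice', password_hash('correct horse', PASSWORD_DEFAULT)]);

// Constructed inputs: valid login, wrong password, and a quote-bearing
// username that only matches if a user with that literal name exists.
$cases = [
    ['alice', 'correct horse'],
    ['alice', 'wrong'],
    ["alice' OR '1'='1", 'anything'],
];
foreach ($cases as [$u, $p]) {
    printf("%-20s => %s\n", $u, authenticate($db, $u, $p) ? 'accepted' : 'rejected');
}
```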