Vulnerability Key Information

Summary

Vulnerability: Authentication Bypass in Maian Support
Discovered: 2006.03.16
Last Update: 2006.04.08 Solution added
ID: EV0103
CVE: CVE-2006-1259
Risk Level: medium
Type: SQL Injection
Status: Unpatched. Vendor notified.
Vendor: n/a
Vulnerable Software: Maian Support (http://www.maianscriptworld.co.uk/)
Version: 1.0
PoC/Exploit: Available
Solution: Available
Discovered by: Aliaksandr Hartsuyeu (eVuln.com)

Description

Vulnerable script: admin/index.php

The parameters email and pass are not properly sanitized before being used in an SQL query.

Condition: magic_quotes_gpc = off

PoC/Exploit

Authentication Bypass Example:
- URL:
- E-Mail Address:
- Password:

Solution

To fix this problem, install or upgrade to version 1.1.
Link: http://www.maianscriptworld.co.uk/scripts_support.html
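
The parameter handling named in the Description, in hardened form, as an added example (not code from Maian Support or from the advisory): a login check that binds email and pass as query parameters instead of depending on magic_quotes_gpc. The function name, the admins table and its columns, and the in-memory SQLite database are assumptions for illustration; it needs PHP 7 or later with pdo_sqlite.

```php
<?php
declare(strict_types=1);

// Hypothetical admin login check. The table and column names (admins, email,
// pass_hash) are assumptions, not Maian Support's actual schema.
function admin_login(PDO $db, string $email, string $pass): bool
{
    // Placeholders keep the submitted values out of the SQL text, so quote
    // characters in $email or $pass cannot change the query's structure.
    // This holds whether magic_quotes_gpc is on, off, or absent (the setting
    // was removed in PHP 5.4).
    $stmt = $db->prepare('SELECT pass_hash FROM admins WHERE email = :email');
    $stmt->execute([':email' => $email]);
    $hash = $stmt->fetchColumn();

    // Verify against a stored hash in PHP rather than matching the password
    // inside the WHERE clause. fetchColumn() returns false when no row matches.
    return is_string($hash) && password_verify($pass, $hash);
}

// Constructed demo data in an in-memory SQLite database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE admins (email TEXT PRIMARY KEY, pass_hash TEXT NOT NULL)');

$ins = $db->prepare('INSERT INTO admins (email, pass_hash) VALUES (?, ?)');
$ins->execute(["o'neil@example.com", password_hash('correct horse', PASSWORD_DEFAULT)]);

// Inputs containing quote characters are handled as plain data in every case.
var_dump(admin_login($db, "o'neil@example.com", 'correct horse')); // valid credentials
var_dump(admin_login($db, "o'neil@example.com", "it's wrong"));     // wrong password
var_dump(admin_login($db, "nobody'@example.com", 'correct horse')); // unknown address
```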