BodyBuilder allows user to modify SQL authentication request
bodybuilder-bypass-authentication (9359): High Risk
<Body>Builder grants administrative access by sending a SQL request to authenticate the login. Because user-supplied input is not filtered, a remote attacker could enter double hyphen '--' characters in the login fields to bypass authentication and gain administrative access to the system.
No remedy available as of September 1, 2014.
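The class of flaw described above, shown beside its fix. This is an added example, not code from <Body>Builder or from the advisory. The `admins` table, the account, the function names and the use of SQLite are assumptions made for illustration.

```python
import sqlite3

def make_db():
    # Constructed schema and account; the product's real tables are not on the page.
    # Plaintext password only to keep the demo short; store salted hashes in practice.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE admins (username TEXT, password TEXT)")
    db.execute("INSERT INTO admins VALUES ('admin', 'correct-horse')")
    return db

def login_concatenated(db, username, password):
    # Vulnerable pattern: login fields become part of the SQL text, so a
    # '--' comment sequence can cut the password test out of the WHERE clause.
    sql = ("SELECT COUNT(*) FROM admins WHERE username = '" + username
           + "' AND password = '" + password + "'")
    return db.execute(sql).fetchone()[0] > 0

def login_parameterized(db, username, password):
    # Hardened pattern: values are bound as data and never parsed as SQL.
    sql = "SELECT COUNT(*) FROM admins WHERE username = ? AND password = ?"
    return db.execute(sql, (username, password)).fetchone()[0] > 0

def demo():
    db = make_db()
    crafted = "admin' --"  # constructed input containing the '--' sequence
    return {
        "concatenated_wrong_password": login_concatenated(db, "admin", "nope"),
        "concatenated_crafted": login_concatenated(db, crafted, "nope"),
        "parameterized_crafted": login_parameterized(db, crafted, "nope"),
        "parameterized_valid": login_parameterized(db, "admin", "correct-horse"),
    }

if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: {'authenticated' if ok else 'rejected'}")
```

Only the concatenated query accepts the crafted username without the password. With bound parameters the same string is compared as a literal username and the login is rejected.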
- BugTraq Mailing List, Thu Jun 13 2002 - 10:47:03 CDT: [LBYTE] Ruslan Communications Builder SQL modification.
- BID-5008: Ruslan Communications <Body>Builder SQL Injection Vulnerability
- CVE-2002-0951: SQL injection vulnerability in Ruslan Builder allows remote attackers to gain administrative privileges via a -- sequence in the username and password.
- OSVDB ID: 10119: Ruslan Body Builder Multiple Parameter SQL Injection
- Ruslan Communications Builder
Jun 13, 2002