Ruslan Communications <Body>Builder - Authentication Bypass

Author: Alexander Korchagin
type: webapps
platform: java
port: 
date_added: 2002-06-13  
date_updated: 2012-09-26  
verified: 1  
codes: CVE-2002-0951;OSVDB-10119  
tags:   
aliases:   
screenshot_url:   
application_url:   

raw file: 21543.txt  

source: https://www.securityfocus.com/bid/5008/info

Ruslan Communications <Body>Builder is a tool designed to assist a user in creating a website. It allows for remote administration through a web interface, and is implemented in Java.

Reportedly, user input supplied as the login password is not adequately filtered. A malicious user may include special characters in the supplied password and modify the SQL query used to validate the user. Access to the administrative interface is possible.

Use login='-- and pass='--