WF-Section wfsfiles.php articleid Variable SQL Injection

2005-03-08T02:17:15
ID OSVDB:14647
Type osvdb
Reporter OSVDB
Modified 2005-03-08T02:17:15

Description

Manual Testing Notes

http://[victim]/article.php?articleid=1[SQL Code[like OR 1=1]]

References:

Vendor URL: http://www.wf-projects.com/modules/wfsection/ Security Tracker: 1013412 Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2005-03/0185.html Mail List Post: http://attrition.org/pipermail/vim/2007-April/001507.html ISS X-Force ID: 19660 Generic Exploit URL: http://milw0rm.com/exploits/3644 Generic Exploit URL: http://milw0rm.com/exploits/3645 Generic Exploit URL: http://milw0rm.com/exploits/3646 CVE-2005-0725 Bugtraq ID: 12760