Lucene search
K

Akiva Webboard SQL Injection

🗓️ 29 Dec 2011 00:00:00Reported by Alexander FuchsType 
packetstorm
 packetstorm
🔗 packetstormsecurity.com👁 23 Views

Akiva Webboard SQL Injection vulnerability allows login as Administrator and viewing Admin password in HTML code, affecting versions 8.x and 9

Code
`Hey,  
  
this is my first time that i report a vulnerability to a mailing list.   
The problem on the Akiva Webboard is, that you can login as   
Administrator with admin'-- (SQL Injection) and if you go to the   
adminprofil you can see the Adminpasswort in the HTML code.  
  
The current version is 9. I do only know this issue and verified it with   
the UN DESA ( /Department of Economic and Social Affairs) webboard 8.x /   
http://esaconf.un.org/WB/Default.asp?LogIn=yes&action=7   
<http://esaconf.un.org/WB/Default.asp?LogIn=yes&action=7>.  
  
I post this to the hacker news (he retweeted it) and some guys added   
"hacked by" in the signature... :|  
  
As usual i cant contact the right person on UN to fix this issue. What   
do you think about it?  
  
Kind regards,  
Alexander Fuchs  
  
`

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation