9 matches found
Snitz Forums 2000 active.asp HTTP X-Forwarded-For Header SQL Injection
The version of Snitz Forums 2000 hosted on the remote host fails to sanitize input to the 'X-Forwarded-For' header in the 'active.asp' script when called with the 'AllRead' POST parameter set to 'Y' before using it to construct a database query. An unauthenticated, remote attacker can leverage th...
Snitz Forums 2000 Active.ASP SQL注入漏洞
Snitz Forums 2000是一款基于ASP的WEB应用程序。 Snitz Forums 2000不正确过滤用户提交的URI数据,远程攻击者可以利用漏洞进行SQL注入攻击,可获得敏感信息或操作数据库。 问题是由于'Active.ASP'脚本对用户提交的WEB参数缺少过滤,提交恶意SQL查询作为参数数据,可更改原来的SQL逻辑,获得敏感信息或操作数据库。 Snitz Forums 2000 Snitz Forums 2000 3.4.6 Snitz Forums 2000 Snitz Forums 2000 3.4 .05 Snitz Forums 2000 Snitz Forums...
CVE-2007-6240
CVE-2007-6240 concerns a SQL injection in Snitz Forums 2000 (build 3.4.06) via the BuildTime parameter in active.asp, allowing remote attackers to execute arbitrary SQL commands. Affected software: Snitz Forums 2000 3.4.06. Root cause: unparameterized SQL handling in the active.asp path. Impact: ...
Snitz2000 SQL Injection: A user can gain admin level
WwW.BugReport.ir AmnPardaz Security Research & Penetration Testing Group Title: A user can gain admin level in snitz 2000 by SQL Injection vendor: http://forum.snitz.com/ Googling: "Powered by Snitz" 2,440,000 victims Last bug report in 2007-02-16 with 4692 visitors Exploit: Available Fix...
snitz-sql.txt
WwW.BugReport.IR AmnPardaz Security Research & Penetration Testing Group Title: A user can gain admin level in snitz 2000 by SQL Injection vendor: http://forum.snitz.com/ Googling: "Powered by Snitz" 2,440,000 victims Last bug report in 2007-02-16 with 4692 visitors Exploit: Available Fix...
Snitz Forum < 3.4.0.07 active.asp BuildTime Parameter SQL Injection
Binary data 4306.prm...
Snitz Forums 2000 - 'Active.asp' SQL Injection
WwW.BugReport.IR AmnPardaz Security Research & Penetration Testing Group Title: A user can gain admin level in snitz 2000 by SQL Injection vendor: http://forum.snitz.com/ Googling: "Powered by Snitz" 2,440,000 victims Last bug report in 2007-02-16 with 4692 visitors Exploit: Available Fix...
Snitz Forums 2000 Active.asp Remote SQL Injection Vulnerability
No description provided by source. WwW.BugReport.IR AmnPardaz Security Research & Penetration Testing Group Title: A user can gain admin level in snitz 2000 by SQL Injection vendor: http://forum.snitz.com/ Googling: "Powered by Snitz" 2,440,000 victims Last bug report in 2007-02-16 with 4692...
Snitz Forums 2000 Active.asp Remote SQL Injection Vulnerability
Exploit for unknown platform in category web applications =============================================================== Snitz Forums 2000 Active.asp Remote SQL Injection Vulnerability =============================================================== AmnPardaz Security Research & Penetration Testi...