Web Wiz Forum Injection Vulnerability

vendor:

Web Wiz Forum

by:

eXeSoul

7.5

CVSS

HIGH

SQL Injection

CWE

Product Name: Web Wiz Forum

Affected Version From: N/A

Affected Version To: N/A

Patch Exists: NO

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2011

Web Wiz Forum Injection Vulnerability

Web Wiz Forum is vulnerable to SQL injection. Attackers can exploit this vulnerability by sending malicious SQL queries to the vulnerable parameter. For example, http://site.com/default.asp?pid=524' or http://site.com/viewproduct.asp?PID=130'

Mitigation:

Input validation and proper sanitization of user input should be done to prevent SQL injection attacks.

Source

Exploit-DB raw data:

##################################################################
# Title : Web Wiz Forum Injection Vulnerability
#
# Author: eXeSoul
#
# Home  : www.indishell.in or www.andhrahackers.com
#
# Email : exe.soul@live.com
#
# date  : 23/3/2011
# 
# D0rk  : [i]   Powered by Web Wiz Forums  
#         
#
# category  : Web Apps [SQli]
#        
################################################################## 
################################################################## 
#
#
#
#    Go To Site :-
# 
#    
#   
#    *SQL injection Vulnerability*
#
#
# 
#
#      [+]http://site.com/default.asp?pid=524'
#      [+]http://site.com/default.asp?pid=[SQLi]
#      [+]http://site.com/viewproduct.asp?PID=130'
#      [+]http://site.com/viewproduct.asp?PID=[SQli]
#
#
#     => PROUD TO BE AN INDIAN | Anythning for INDIA | JAI-HIND | Maa Tujhe Salam
#
#     => c0d3 for motherland, h4ck for motherland
#
# 
#    
#    [#] DOne now time to rock \m/
#
#    
#
#################################################################### 
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
<3 Love: -[SiLeNtp0is0n]-, stRaNgEr(lucky), inX_rOot, NEO H4cK3R, DarkL00k, Th3 RDX, 
G00g!3 W@rr!0r, Nazz ,r45c4l, str1k3r, co0Lt04d , ATUL DWIVEDI , Jackh4xor , Bon3 ,
Badboy-Albinia, Mr.SK , I-H Guru,X__HMG, AK-47, [ICW] [Andhra Hackers], Ethical N00b,
[Indishell crew]
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
####################################################################
#
#  Bug discovered : 23 March 2011
####################################################################
#
# Jay Mahadev.!!  Jay shree Ram.!! jay Shree krishna.!! Jay hind.!!
#
####################################################################
#
#
# 1337day.com [23-3-2011]
####################################################################