Vendor: Web Wiz Forums
By: Sid3^effects aKa HaRi
CVSS: 7,5 (HIGH)
Type: SQLi
CWE: 89
Product Name: Web Wiz Forums
Affected Version From: 9.68
Affected Version To: 9.68
Patch Exists: NO
Related CWE: N/A
CPE: a:webwiz:web_wiz_forums
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Windows
2010

Web Wiz Forums 9.68 SQLi Vulnerability

Web Wiz Forums 9.68 contains a SQL injection vulnerability. The advisory below identifies the TID parameter of new_reply_form.asp as the injection point. An attacker can exploit it by sending a crafted HTTP request to the application, which can allow execution of arbitrary SQL commands against the underlying database and, potentially, access to sensitive data or modification of the application's data.

Mitigation:

Use parameterized queries so that user-supplied input is always bound as data and never parsed as SQL. In addition, validate and filter all user-supplied input before it is used in a SQL query.
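
The mitigation above applied to a TID-style request parameter, as an added example that is not part of the original advisory and is not Web Wiz Forums' own code. It is written in Python with sqlite3 so it runs offline; the table, column and function names are assumptions, and the sample rows and inputs are constructed.

```python
import sqlite3


def build_db():
    """Constructed in-memory stand-in for a forum database (hypothetical schema)."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE topic (topic_id INTEGER PRIMARY KEY, subject TEXT, hidden INTEGER);
        INSERT INTO topic VALUES (1, 'Welcome', 0), (2, 'Staff only', 1);
    """)
    return db


def topic_unsafe(db, raw_tid):
    # Anti-pattern: the request value is concatenated into the SQL text,
    # so anything following the number is parsed as SQL.
    sql = "SELECT subject FROM topic WHERE hidden = 0 AND topic_id = " + raw_tid
    return [row[0] for row in db.execute(sql)]


def parse_tid(raw_tid):
    """Input validation: accept only a short, plain ASCII decimal integer."""
    if not (raw_tid.isascii() and raw_tid.isdigit() and len(raw_tid) <= 9):
        raise ValueError("TID must be a non-negative integer")
    return int(raw_tid)


def topic_safe(db, raw_tid):
    # Validate first, then bind the value as a parameter: the SQL text is
    # constant and the driver passes TID as data, never as SQL.
    tid = parse_tid(raw_tid)
    sql = "SELECT subject FROM topic WHERE hidden = 0 AND topic_id = ?"
    return [row[0] for row in db.execute(sql, (tid,))]


if __name__ == "__main__":
    db = build_db()
    for tid in ("1", "1 OR 1=1"):  # constructed request values
        print("unsafe", repr(tid), topic_unsafe(db, tid))
        try:
            print("safe  ", repr(tid), topic_safe(db, tid))
        except ValueError as exc:
            print("safe  ", repr(tid), "rejected:", exc)
```
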

Exploit-DB raw data:

       =========================================
        Web Wiz Forums 9.68 SQLi  Vulnerability
       =========================================

Name : Web Wiz Forums 9.68 SQLi Vulnerability
Date : June 9, 2010
Vendor url : http://www.webwiz.co.uk/webwizforums/
Platform : Windows
Price : $199
Author : Sid3^effects aKa HaRi <shell_c99[at]yahoo.com>
special thanks to : r0073r (inj3ct0r.com),L0rd CruSad3r,MaYur,gunslinger_
greetz to :All ICW members.

###############################################################################################################
Description:

FREE ready to run discussion forum application featuring: Fast performance tuned SQL engine, 100's of easy to setup generic features, AD FREE, Unlimited Forums, Sub Forums, Topics, Posts, Members, & Groups, WYSIWYG post editor, web based setup/admin, RSS Feeds, skins, private messenger, calendar system, moderated posts, per forum security settings, unlimited member groups, integrate with existing member base, ladder system, password protect forums, moderators, image/file/avatar upload, search facilities, animated emoticons, avatar gallery, members list, hot topics, powerful admin tools, language files, IP banning, high security, CAPTCHA, Windows Authentication, support for load balanced web servers and web farms, API's, and lots more. FREE SUPPORT!! SQL Server 2000 & 2005 / mySQL 4.1+ & 5+ / MS Access versions.

###############################################################################################################

Xploit: SQLi Vulnerability

DEMO  URL:

       http://site.com/new_reply_form.asp?TID=[SQLi]


###############################################################################################################
# 0day no more 
# Sid3^effects