dwc_articles versions 1.6 and below suffer from various SQL injection attacks.
868b0d709c04337ab6679a6750c0c3949932eafe1e106b3ce4937e990b0ec271
author: l0om
site: www.excluded.org
product: dwc_articles <= 1.6 (maybe other versions too)
problem: possible sql injection
Vendor site?
www.distinctwebcreations.com
note:its currently down.
Vendor status?
Didnt find an email address or phon number.
what is it?
Dwc_Articles is an ASP application designed to add Featured,
Recent and Popular News through an easy to use administration area.
Other features: Design Packages, Add, Modify, Deactive through HTML/Wysiwyg Editor,
Upload, Categories, Multiple Users and more.
Where is the problem?
Nearly all scripts suffer from possible sql injections.
This may lead an attacker to change websites content or even worse- log in
as an admin.
Workaround?
currently remove/rename the admin scripts might be a good idea.
iam sorry for no patch included, but i dont own the scripts.
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed