author: l0om     
site: www.excluded.org
product: dwc_articles <= 1.6  (maybe other versions too)
problem: possible sql injection



Vendor site?

www.distinctwebcreations.com
note:its currently down.


Vendor status?

Didnt find an email address or phon number.


what is it?

Dwc_Articles is an ASP application designed to add Featured, 
Recent and Popular News through an easy to use administration area. 
Other features: Design Packages, Add, Modify, Deactive through HTML/Wysiwyg Editor, 
Upload, Categories, Multiple Users and more. 


Where is the problem?

Nearly all scripts suffer from possible sql injections.
This may lead an attacker to change websites content or even worse- log in 
as an admin.


Workaround?

currently remove/rename the admin scripts might be a good idea.
iam sorry for no patch included, but i dont own the scripts.