[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

dwc_articles possible sql injection

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: dwc_articles possible sql injection
From: Rene <l0om@xxxxxxxxxxxx>
Date: 23 Oct 2004 15:37:41 -0000


author: l0om     
site: www.excluded.org
product: dwc_articles <= 1.6  (maybe other versions too)
problem: possible sql injection



Vendor site?

www.distinctwebcreations.com
note:its currently down.


Vendor status?

Didnt find an email address or phon number.


what is it?

Dwc_Articles is an ASP application designed to add Featured, 
Recent and Popular News through an easy to use administration area. 
Other features: Design Packages, Add, Modify, Deactive through HTML/Wysiwyg 
Editor, 
Upload, Categories, Multiple Users and more. 


Where is the problem?

Nearly all scripts suffer from possible sql injections.
This may lead an attacker to change websites content or even worse- log in 
as an admin.


Workaround?

currently remove/rename the admin scripts might be a good idea.
iam sorry for no patch included, but i dont own the scripts.

Prev by Date: Ability FTP Server 2.34 Buffer Overflow Exploit
Next by Date: rssh: pizzacode security alert
Previous by thread: Ability FTP Server 2.34 Buffer Overflow Exploit
Next by thread: rssh: pizzacode security alert
Index(es):
- Date
- Thread