Description - SQL Injection and Multiple XSS in warforge.NEWS
Multiple vulnerabilities were found in the warforge.NEWS script.
- Exploit: Available
- Solution: Not available; check the vendor's website
Vulnerable script: authcheck.php
The cookie variable $_COOKIE[authusername] is not properly sanitized before being used in an SQL query. This can be used to bypass authentication or to run any SQL query by injecting arbitrary SQL code.
Condition: magic_quotes_gpc = off
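
The class of fix for the cookie handling described above, as an added example that is not warforge.NEWS code or the vendor's patch: the cookie value is passed as a bound parameter instead of being concatenated into the query text. The `users` table, its columns, and the `lookup_user` function are assumptions for illustration; the block covers query construction only, not credential verification.

```php
<?php
// Added example, not warforge.NEWS source. Table and column names are assumed.

// Constructed in-memory database so the script runs offline (needs pdo_sqlite).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (username TEXT PRIMARY KEY, role TEXT)');
$seed = $db->prepare('INSERT INTO users (username, role) VALUES (?, ?)');
$seed->execute(['editor', 'staff']);
$seed->execute(["o'neil", 'staff']);   // legitimate name containing a quote

// Vulnerable pattern, shown as a comment only: the cookie text becomes part of
// the SQL statement, so a quote character in it changes the query's structure.
//   $sql = "SELECT * FROM users WHERE username = '" . $_COOKIE['authusername'] . "'";

/** Look up the user named by the cookie; returns the row or null. */
function lookup_user(PDO $db, array $cookies): ?array
{
    $name = $cookies['authusername'] ?? null;
    // PHP turns "authusername[]=x" into an array; accept bounded strings only.
    if (!is_string($name) || $name === '' || strlen($name) > 64) {
        return null;
    }
    // Bound parameter: the value travels as data and is never parsed as SQL,
    // whatever magic_quotes_gpc is set to.
    $stmt = $db->prepare('SELECT username, role FROM users WHERE username = :name');
    $stmt->execute([':name' => $name]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Constructed cookie jars standing in for $_COOKIE.
$samples = [
    ['authusername' => 'editor'],
    ['authusername' => "o'neil"],
    ['authusername' => ['x']],
    [],
];
foreach ($samples as $cookies) {
    $row = lookup_user($db, $cookies);
    echo json_encode($cookies), ' => ', $row ? $row['role'] : 'rejected', "\n";
}
```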


