Description - Script Insertion and Auth Bypass in TheWebForum
Multiple Vulnerabilities found in TheWebForum script.
- Exploit: Available
- Solution: Not available - check TheWebForum Group website
TheWebForum has multiple vulnerabilities.
1. SQL injection and authentication bypass.
Vulnerable script: login.php
The variable $_POST['username'] (or $u) isn't properly sanitized before being used in a SQL query. Injecting arbitrary SQL code through it makes it possible to run any SQL query and to log in without a password.
SQL Injection Condition: magic_quotes_gpc=off
2. Cross-Site Scripting
Vulnerable script: register.php
The variable $www isn't properly sanitized and may contain arbitrary HTML or script code.
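Since no vendor fix is listed, the following sketch shows how both findings are normally closed. It is an added example, not code from TheWebForum or from the advisory. The table and column names, the function names, the in-memory SQLite database (requires pdo_sqlite) and the reading of $www as a homepage URL are all assumptions.

```php
<?php
declare(strict_types=1);

// Added example. Table and column names are hypothetical, not TheWebForum's schema.
function open_demo_db(): PDO
{
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE users (username TEXT PRIMARY KEY, pass_hash TEXT NOT NULL)');
    $ins = $db->prepare('INSERT INTO users (username, pass_hash) VALUES (?, ?)');
    // Constructed account; the quote in the name is ordinary data for a bound parameter.
    $ins->execute(["o'neil", password_hash('correct horse', PASSWORD_DEFAULT)]);
    return $db;
}

// login.php finding: bind the username instead of concatenating it into the SQL text,
// so the result does not depend on magic_quotes_gpc. The password is never part of
// the query; it is compared in PHP against the stored hash.
function login(PDO $db, string $u, string $p): bool
{
    $stmt = $db->prepare('SELECT pass_hash FROM users WHERE username = :u');
    $stmt->execute([':u' => $u]);
    $hash = $stmt->fetchColumn();
    return is_string($hash) && password_verify($p, $hash);
}

// register.php finding: assuming $www holds a homepage URL, accept only http(s)
// URLs on input and HTML-encode the value wherever it is written into a page.
function clean_www(string $www): ?string
{
    $www = trim($www);
    $scheme = strtolower((string) parse_url($www, PHP_URL_SCHEME));
    $ok = filter_var($www, FILTER_VALIDATE_URL) !== false && in_array($scheme, ['http', 'https'], true);
    return $ok ? $www : null;
}

function render_www(?string $www): string
{
    return $www === null ? '' : htmlspecialchars($www, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

$db = open_demo_db();
var_dump(login($db, "o'neil", 'correct horse'));        // matching credentials
var_dump(login($db, "o'neil", 'wrong password'));       // hash comparison fails
var_dump(clean_www('<b>not a url</b>'));                // markup is rejected on input
echo render_www(clean_www('http://example.com/?a=1&b=2')), PHP_EOL; // encoded on output
```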


