TheWebForum Script Insertion and Authentication Bypass

CVE Category Price Severity
N/A CWE-XXXX Not specified High
Author Risk Exploitation Type Date
Not specified High Remote 2006-01-21
Our sensors found this exploit at:

Below is a copy:

New eVuln Advisory:
TheWebForum Script Insertion and Authentication Bypass

Vendor: TheWebForum Group
Software: TheWebForum
Sowtware's Web Site:
Versions: 1.2.1
Critical Level: Moderate
Type: Multiple Vulnerabilities
Class: Remote
Status: Unpatched
Exploit: Available
Solution: Not Available
Discovered by: Aliaksandr Hartsuyeu (
Published: 2006.01.06
eVuln ID: EV0017

TheWebForum has multiple vulnerabilities.

1. SQL injection and authentication bypass.

Vulnerable script:

Variables $_POST['username'] or $u isn't properly sanitized before being used in a SQL query. This can be used to make any SQL query by injecting arbitrary SQL code and log in without password.

SQL Injection Condition: gpc_magic_quotes=off

2. Cross-Site Scripting

Vulnerable script: register.php

Variable $www isn't properly sanitized and may contain arbitrary html or script code.

Authentication bypass example (SQL Injection):
User Name: a' or 'a'='a'/*
Password: anypassword

Get user's password hash example (SQL Injection):
User Name: a' union select N,password,3 from users/*
User name will contain password's hash of user with ID=N

JavaScript insertion (XSS):
Website value: <script>alert(document.cookie)</script>

No Patch available.

Original Advisory:

Discovered by: Aliaksandr Hartsuyeu (

Copyright ©2024 Exploitalert.

This information is provided for TESTING and LEGAL RESEARCH purposes only.
All trademarks used are properties of their respective owners. By visiting this website you agree to Terms of Use and Privacy Policy and Impressum