[29768] in bugtraq


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

Web Wiz Site News realease v3.06 administration access.

daemon@ATHENA.MIT.EDU (drG4njubas)
Mon Apr 14 13:56:26 2003

From: "drG4njubas" <drG4nj@mail.ru>
To: <bugtraq@securityfocus.com>
Date: Mon, 14 Apr 2003 17:19:03 +0400
Message-ID: <000001c30288$6d2cb480$8c80763e@user1>
MIME-Version: 1.0
Content-Type: text/plain;
	charset="koi8-r"
Content-Transfer-Encoding: 7bit

Date:
14.04.2003

Subject:
Web Wiz Site News realease v3.06 administration access.

Description:
Free asp news management system. Includes, simple intergration, 
short news item with link to full story, insert images, links, 
text formatting, user comments(optional) with email notification, 
anti-spam settings, and more 

Vendor:
Web Wiz Guide
http://www.webwizguide.info/

Vulnerability:
Administrator's password is not encrypted. It is
placed in MS Acess database. An attaker may download 
it and gain administrators privilegies.
Example: http://www.target.com/news/news.mdb

Black Tigerz Research Group
We are:Areus,Barracuda,n1Tr0f4n,Velzevol,n3ch,drG4njubas.
Please visit our website: http://www.blacktigerz.org


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

[29768] in bugtraq

Web Wiz Site News realease v3.06 administration access.

daemon@ATHENA.MIT.EDU (drG4njubas)Mon Apr 14 13:56:26 2003

daemon@ATHENA.MIT.EDU (drG4njubas)
Mon Apr 14 13:56:26 2003