Detections
Analytics

Web Wiz check_user.asp txtUserName Parameter SQL Injection

high Nessus Plugin ID 20375

Language:

Synopsis

The remote web server has an ASP application that is affected by a SQL injection vulnerability.

Description

The remote host is running an ASP application from Web Wiz, such as Password Login, Journal, Polls, or Site News.

The installed version of the Web Wiz application fails to validate user input to the 'txtUserName' parameter of the 'admin/check_user.asp' script before using it in database queries. An unauthenticated attacker may be able to leverage this issue to bypass authentication, disclose sensitive information, modify data, or launch attacks against the underlying database.

Solution

Upgrade to Web Wiz Password Login 1.72 / Journal 1.0.1 / Polls 3.07 / Site News 3.07 or later.

See Also

http://www.nessus.org/u?c6c7225d

https://seclists.org/bugtraq/2005/Dec/338

Plugin Details

Severity: High

ID: 20375

File Name: webwiz_txtusername_sql_injection.nasl

Version: 1.25

Type: remote

Family: CGI abuses

Published: 1/3/2006

Updated: 4/11/2022

Configuration: Enable thorough checks

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 6.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Information

Required KB Items: www/ASP

Excluded KB Items: Settings/disable_cgi_scanning

Exploit Ease: No exploit is required

Vulnerability Publication Date: 12/30/2005

Reference Information

CVE: CVE-2005-4606

BID: 16085