Vulnerability Scanning Solutions, LLC.
Our Process
What We Scan For
Sample Report
Client List
Contact Us
What We Scan For
Family: CGI abuses --> Category: attack

Web Wiz txtUserName Parameter SQL Injection Vulnerability Vulnerability Scan

Vulnerability Scan Summary
Checks for txtUserName Parameter SQL injection vulnerability in Web Wiz products

Detailed Explanation for this Vulnerability Test

Synopsis :

The remote web server has an ASP application that is affected by a SQL
injection vulnerability.

Description :

The remote host is running an ASP application from Web Wiz, such as
Password Login, Journal, Polls, or Site News.

The installed version of the Web Wiz application fails to validate
user input to the 'txtUserName' parameter of the
'admin/check_user.asp' script before using it in database queries. An
unauthenticated attacker may be able to leverage this issue to bypass
authentication, disclose sensitive information, modify data, or launch
attacks against the underlying database.

See also :

Solution :

Upgrade to Web Wiz Password Login 1.72 / Journal 1.0.1 / Polls 3.07 /
Site News 3.07 or later.

Threat Level:

High / CVSS Base Score : 7.0

Click HERE for more information and discussions on this network vulnerability scan.


P.O. Box 827051

Pembroke Pines, FL 33082-7051

Vulnerability Scanning Solutions, LLC.