Home    |    View Topics    |    Search    |    Contact Us    |   



Category:   Application (News)  >   Web Wiz Site News Vendors:   Web Wiz Guide
Web Wiz Site News Discloses Administrator Password to Remote Users
SecurityTracker Alert ID:  1006574
SecurityTracker URL:
CVE Reference:   GENERIC-MAP-NOMATCH   (Links to External Site)
Date:  Apr 14 2003
Impact:   Disclosure of authentication information, User access via network
Exploit Included:  Yes  
Version(s): 3.06
Description:   A vulnerability was reported in Web Wiz Site News. A remote user can retrieve the administrator's password.

Black Tigerz Research Group reported that the software stores the administrator's password without encryption in an MS Access database that can be downloaded by a remote user. A demonstration exploit URL is provided:


Impact:   A remote user can obtain the administrator's password and gain administrative access to the application.
Solution:   No solution was available at the time of this entry.
Vendor URL: (Links to External Site)
Cause:   Access control error
Underlying OS:  Windows (Any)

Message History:   None.

 Source Message Contents

Subject:  Web Wiz Site News realease v3.06 administration access.


Web Wiz Site News realease v3.06 administration access.

Free asp news management system. Includes, simple intergration, 
short news item with link to full story, insert images, links, 
text formatting, user comments(optional) with email notification, 
anti-spam settings, and more 

Web Wiz Guide

Administrator's password is not encrypted. It is
placed in MS Acess database. An attaker may download 
it and gain administrators privilegies.

Black Tigerz Research Group
We are:Areus,Barracuda,n1Tr0f4n,Velzevol,n3ch,drG4njubas.
Please visit our website:  


Go to the Top of This SecurityTracker Archive Page

Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2021, LLC