CVE-2003-1176

Web Wiz Forums <7.5 - Info Disclosure

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2003-1176. PoCs published by Alexander Antipov.

AI-analyzed exploit summary The vulnerability in Web Wiz Forum allows unauthorized access to private forums by exploiting insufficient checks in 'quote' mode. An attacker can craft a malformed request to read or write to a private forum.

Description

post_message_form.asp in Web Wiz Forums 6.34 through 7.5, when quote mode is used, allows remote attackers to read or write to private forums by modifying the FID (forum ID) parameter.

Exploits (1)

exploitdb WRITEUP VERIFIED

by Alexander Antipov · textwebappsasp

https://www.exploit-db.com/exploits/23331

View Code ZIP pw:eip

The vulnerability in Web Wiz Forum allows unauthorized access to private forums by exploiting insufficient checks in 'quote' mode. An attacker can craft a malformed request to read or write to a private forum.

Classification

Writeup 90%

Attack Type

Auth Bypass

Complexity

Trivial

Reliability

Theoretical

Target: Web Wiz Forum

No auth needed

Prerequisites: Access to the target Web Wiz Forum instance

MITRE ATT&CK