| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: 16 Jan 2007 18:13:56 -0000
From: corrado.liotta@...ce.it
To: bugtraq@...urityfocus.com
Subject: [x0n3-h4ck] SmE FileMailer 1.21 Remote Sql Injextion Exploit
-=[--------------------ADVISORY-------------------]=-
SmE FileMailer 1.21
Author: CorryL [corryl80@...il.com]
-=[-----------------------------------------------]=-
-=[+] Application: SmE FileMailer
-=[+] Version: 1.21
-=[+] Vendor's URL: http://www.scriptme.com/down/13
-=[+] Platform: Windows\Linux\Unix
-=[+] Bug type: sql injection
-=[+] Exploitation: Remote
-=[-]
-=[+] Author: CorryL ~ corryl80[at]gmail[dot]com ~
-=[+] Reference: www.x0n3-h4ck.org
-=[+] Virtual Office: http://www.kasamba.com/CorryL
-=[+] Irc Chan: irc.darksin.net #x0n3-h4ck
..::[ Descriprion ]::..
SMe FileMailer lets you require visitors to submit their name and email address in order to retrieve a file from your site. Upon submitting the information, the link for file is sent to the visitor via email. This is a great way to stop leeching and third-party linking of your files, and it also lets you know exactly who's obtaining your files!
..::[ Proof Of Concept ]::..
In the login form insert
Login: admin
Password: anything' OR 'x'='x
..::[ Disclousure Timeline ]::..
[16/01/2007] - Public disclousure
Powered by blists - more mailing lists