HYSA-2006-003 Oi! Email Marketing 3.0 SQL Injection

2006.02.24
Credit: h4cky0u
Risk: Medium
Local: Yes
Remote: Yes
CVE: CVE-2006-0920
CWE: CWE-89


CVSS Base Score: 1.7/10
Impact Subscore: 2.9/10
Exploitability Subscore: 3.1/10
Exploit range: Local
Attack complexity: Low
Authentication: Single time
Confidentiality impact: Partial
Integrity impact: None
Availability impact: None

------------------------------------------------------ HYSA-2006-003 h4cky0u.org Advisory 012 ------------------------------------------------------ Date - Thu Feb 24 2006 TITLE: ====== Oi! Email Marketing 3.0 SQL Injection SEVERITY: ========= High SOFTWARE: ========= Oi! Email Marketing 3.0. Prior versions maybe affected INFO: ===== Oi Email Marketing System is a Linux compatible application that can be a stand-alone product or can be integrated into Mambo 2002 content management system. It uses a powerful database which resides on your webserver and allows complete control over all your subscribers, campaigns and emails. Support Website : www.miro.com.au DESCRIPTION: ============ Oi Email Marketing System is prone to an SQL injection vulnerability. This issue is due to a failure in the index.php script of the application to properly sanitize user-supplied input before using it in SQL queries. Successful exploitation could result in a compromise of the application, disclosure or modification of data, or may permit an attacker to exploit vulnerabilities in the underlying database implementation. POC: ==== First go to http://www.site.com/oi/index.php In this login page provide the following inputs: Username : username' OR ' Password : ' OR ' Note : here username should be a valid user registered on the site (generally admin) Also, if a 'superadministrator'login is found and sucessfully exploited the server's ftp password can be found by clicking 'Configuration' and viewing the pages source: (It's hidden by *) <TD CLASS="dialogue_heading">Password</TD> <TD><input type="password" name="ftpPassword" value="password"></TD> VENDOR STATUS ============= Vendor was contacted repeatedly but no response received till date. FIX: ==== No fix available as of date. CREDITS: ======== - This vulnerability was discovered and researched by - Illuminatus of h4cky0u Security Forums. Mail : illuminatus85 at gmail dot com Web : http://www.h4cky0u.org - Co Researcher - h4cky0u of h4cky0u Security Forums. Mail : h4cky0u at gmail dot com Web : http://www.h4cky0u.org ORIGINAL ADVISORY: ================== http://www.h4cky0u.org/advisories/HYSA-2006-003-oi-email.txt -- http://www.h4cky0u.org (In)Security at its best...


See this note in RAW Version
Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}
Copyright 2024, cxsecurity.com

 

Back to Top