|
 |
| SecurityReason | ||
| WLB | ||
| Services | ||
| RSS | ||
| Corporate | ||
| Note | ||
If you have found a vulnerability, please send to our SecurityAlert Database : |
||
Home  SecurityAlert Database |
||||
SecurityAlert : 483 CVE : CVE-2006-0920 SecurityRisk : Medium  (About) Remote Exploit : Yes Local Exploit : Yes Exploit Available : Yes Credit : h4cky0u Published : 24.02.2006
Advisory Content : ------------------------------------------------------ HYSA-2006-003 h4cky0u.org Advisory 012 ------------------------------------------------------ Date - Thu Feb 24 2006 TITLE: ====== Oi! Email Marketing 3.0 SQL Injection SEVERITY: ========= High SOFTWARE: ========= Oi! Email Marketing 3.0. Prior versions maybe affected INFO: ===== Oi Email Marketing System is a Linux compatible application that can be a stand-alone product or can be integrated into Mambo 2002 content management system. It uses a powerful database which resides on your webserver and allows complete control over all your subscribers, campaigns and emails. Support Website : www.miro.com.au DESCRIPTION: ============ Oi Email Marketing System is prone to an SQL injection vulnerability. This issue is due to a failure in the index.php script of the application to properly sanitize user-supplied input before using it in SQL queries. Successful exploitation could result in a compromise of the application, disclosure or modification of data, or may permit an attacker to exploit vulnerabilities in the underlying database implementation. POC: ==== First go to http://www.site.com/oi/index.php In this login page provide the following inputs: Username : username' OR ' Password : ' OR ' Note : here username should be a valid user registered on the site (generally admin) Also, if a 'superadministrator'login is found and sucessfully exploited the server's ftp password can be found by clicking 'Configuration' and viewing the pages source: (It's hidden by *) <TD CLASS="dialogue_heading">Password</TD> <TD><input type="password" name="ftpPassword" value="password"></TD> VENDOR STATUS ============= Vendor was contacted repeatedly but no response received till date. FIX: ==== No fix available as of date. CREDITS: ======== - This vulnerability was discovered and researched by - Illuminatus of h4cky0u Security Forums. Mail : illuminatus85 at gmail dot com Web : http://www.h4cky0u.org - Co Researcher - h4cky0u of h4cky0u Security Forums. Mail : h4cky0u at gmail dot com Web : http://www.h4cky0u.org ORIGINAL ADVISORY: ================== http://www.h4cky0u.org/advisories/HYSA-2006-003-oi-email.txt -- http://www.h4cky0u.org (In)Security at its best...  Feedback : If you have additional information or notice any errors regarding this security advisory, please use contact form or email us at info()securityreason()com. |
||||
| Alert | ||
libc:fts_*() Multiple Denial of Service
The fts functions are provided for traversing UNIX file hierarchies... |
||
| Apache |  |
|
» Apache Tomcat 6.0.20 and |
||
» Apache Tomcat 6.0.20 and |
||
» Apache Tomcat 6.0.20 and |
||
| PHP | |
|
» PHP 5.2.12/5.3.1 |
||
- 2009-10-02| Copyright © SecurityReason.com. All Rights Reserved. |