Octeth Oempro 3.6.4 - SQL Injection Information Disclosure

2011-02-03T00:00:00
ID EXPLOITPACK:20C99ACE39056CF080BA99779DE9F59D
Type exploitpack
Reporter Ignacio Garrido
Modified 2011-02-03T00:00:00

Description

Octeth Oempro 3.6.4 - SQL Injection Information Disclosure

                                        
                                            source: https://www.securityfocus.com/bid/46135/info

Octeth Oempro is prone to multiple SQL-injection vulnerabilities and an information-disclosure vulnerability.

Exploiting these issues could allow an attacker to obtain sensitive information, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

Octeth Oempro 3.6.4 is vulnerable; other versions may also be affected. 

http://www.example.com/cli_bounce.php

http://www.example.com/link.php?URL=[ENC URL]&Name=&EncryptedMemberID=[ENCODED
SQLI]&CampaignID=9&CampaignStatisticsID=16&Demo=0&Email=[MAIL]

http://www.example.com/html_version.php?ECID=[SQL]

http://www.example.com/archive.php?ArchiveID=[SQL]