Lucene search
+L

HYSA-2006-003.txt

🗓️ 26 Feb 2006 00:00:00Reported by IlluminatusType 
packetstorm
 packetstorm
🔗 packetstormsecurity.com👁 28 Views

Oi! Email Marketing 3.0 SQL Injection vulnerability, high severity, affects Oi Email Marketing System, no fix availabl

Code
`------------------------------------------------------  
HYSA-2006-003 h4cky0u.org Advisory 012  
------------------------------------------------------  
Date - Thu Feb 24 2006  
  
  
TITLE:  
======  
  
Oi! Email Marketing 3.0 SQL Injection  
  
  
SEVERITY:  
=========  
  
High  
  
  
SOFTWARE:  
=========  
  
Oi! Email Marketing 3.0. Prior versions maybe affected  
  
  
INFO:  
=====  
  
Oi Email Marketing System is a Linux compatible application that can be a stand-alone product or can be integrated into Mambo 2002 content management system. It uses a powerful database which resides on your webserver and allows complete control over all your subscribers, campaigns and emails.  
  
Support Website : www.miro.com.au  
  
  
DESCRIPTION:  
============  
  
Oi Email Marketing System is prone to an SQL injection vulnerability. This issue is due to a failure in the index.php script of the application to properly sanitize user-supplied input before using it in SQL queries.  
  
Successful exploitation could result in a compromise of the application, disclosure or modification of data, or may permit an attacker to exploit vulnerabilities in the underlying database implementation.  
  
  
POC:  
====  
  
First go to http://www.site.com/oi/index.php  
  
In this login page provide the following inputs:  
  
Username : username' OR '   
  
Password : ' OR '  
  
Note : here username should be a valid user registered on the site (generally admin)  
  
Also, if a 'superadministrator'login is found and sucessfully exploited the server's   
ftp password can be found by clicking 'Configuration' and viewing the pages source:   
  
(It's hidden by *)   
  
<TD CLASS="dialogue_heading">Password</TD>   
<TD><input type="password" name="ftpPassword" value="password"></TD>  
  
  
VENDOR STATUS  
=============  
  
Vendor was contacted repeatedly but no response received till date.  
  
  
FIX:  
====  
  
No fix available as of date.  
  
  
CREDITS:  
========  
  
- This vulnerability was discovered and researched by -  
  
Illuminatus of h4cky0u Security Forums.  
  
Mail : illuminatus85 at gmail dot com  
  
Web : http://www.h4cky0u.org  
  
  
- Co Researcher -  
  
h4cky0u of h4cky0u Security Forums.  
  
Mail : h4cky0u at gmail dot com  
  
Web : http://www.h4cky0u.org  
  
  
ORIGINAL ADVISORY:   
==================   
  
http://www.h4cky0u.org/advisories/HYSA-2006-003-oi-email.txt   
  
  
--   
http://www.h4cky0u.org   
(In)Security at its best...   
`

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

26 Feb 2006 00:00Current
7.4High risk
Vulners AI Score7.4
28