`------------------------------------------------------
HYSA-2006-003 h4cky0u.org Advisory 012
------------------------------------------------------
Date - Thu Feb 24 2006
TITLE:
======
Oi! Email Marketing 3.0 SQL Injection
SEVERITY:
=========
High
SOFTWARE:
=========
Oi! Email Marketing 3.0. Prior versions maybe affected
INFO:
=====
Oi Email Marketing System is a Linux compatible application that can be a stand-alone product or can be integrated into Mambo 2002 content management system. It uses a powerful database which resides on your webserver and allows complete control over all your subscribers, campaigns and emails.
Support Website : www.miro.com.au
DESCRIPTION:
============
Oi Email Marketing System is prone to an SQL injection vulnerability. This issue is due to a failure in the index.php script of the application to properly sanitize user-supplied input before using it in SQL queries.
Successful exploitation could result in a compromise of the application, disclosure or modification of data, or may permit an attacker to exploit vulnerabilities in the underlying database implementation.
POC:
====
First go to http://www.site.com/oi/index.php
In this login page provide the following inputs:
Username : username' OR '
Password : ' OR '
Note : here username should be a valid user registered on the site (generally admin)
Also, if a 'superadministrator'login is found and sucessfully exploited the server's
ftp password can be found by clicking 'Configuration' and viewing the pages source:
(It's hidden by *)
<TD CLASS="dialogue_heading">Password</TD>
<TD><input type="password" name="ftpPassword" value="password"></TD>
VENDOR STATUS
=============
Vendor was contacted repeatedly but no response received till date.
FIX:
====
No fix available as of date.
CREDITS:
========
- This vulnerability was discovered and researched by -
Illuminatus of h4cky0u Security Forums.
Mail : illuminatus85 at gmail dot com
Web : http://www.h4cky0u.org
- Co Researcher -
h4cky0u of h4cky0u Security Forums.
Mail : h4cky0u at gmail dot com
Web : http://www.h4cky0u.org
ORIGINAL ADVISORY:
==================
http://www.h4cky0u.org/advisories/HYSA-2006-003-oi-email.txt
--
http://www.h4cky0u.org
(In)Security at its best...
`
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation