BrightSuite Groupware SQL Injection

2010-06-14T00:00:00
ID PACKETSTORM:90626
Type packetstorm
Reporter L0rd CrusAd3r
Modified 2010-06-14T00:00:00

Description

                                        
                                            `  
  
1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0  
0 _ __ __ __ 1  
1 /' \ __ /'__`\ /\ \__ /'__`\ 0  
0 /\_, \ ___ /\_\/\_\ \ \ ___\ \ ,_\/\ \/\ \ _ ___ 1  
1 \/_/\ \ /' _ `\ \/\ \/_/_\_<_ /'___\ \ \/\ \ \ \ \/\`'__\ 0  
0 \ \ \/\ \/\ \ \ \ \/\ \ \ \/\ \__/\ \ \_\ \ \_\ \ \ \/ 1  
1 \ \_\ \_\ \_\_\ \ \ \____/\ \____\\ \__\\ \____/\ \_\ 0  
0 \/_/\/_/\/_/\ \_\ \/___/ \/____/ \/__/ \/___/ \/_/ 1  
1 \ \____/ >> Exploit database separated by exploit 0  
0 \/___/ type (local, remote, DoS, etc.) 1  
1 1  
0 [+] Site : Inj3ct0r.com 0  
1 [+] Support e-mail : submit[at]inj3ct0r.com 1  
0 0  
1 ########################################### 1  
0 I'm L0rd CrusAd3r member from Inj3ct0r Team 1  
1 ########################################### 0  
0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-1  
  
Author: L0rd CrusAd3r aka VSN [crusader_hmg@yahoo.com]  
Exploit Title:BrightSuite Groupware SQL Vulnerable  
Code: ASP 3.0 & VBScript  
Vendor url:http://www.denaliintranet.com/  
Version:5.4  
Price:$1299  
Published: 2010-06-12  
Greetz to:Sid3^effects, MaYur, M4n0j, Dark Blue, S1ayer,d3c0d3r,KD and to  
all ICW members.  
Spl Greetz to:inj3ct0r.com Team  
  
#####################################################################################################################################################################################################  
  
Description:  
  
BrightSuite is a web-based Groupware, Intranet, and Team Collaboration  
application. 25 customizable applications like document management,  
calendars, forums, instant messaging and email. Live Demo and Trial  
  
#######################################################################################################################################################################################################  
  
Vulnerability:  
  
*SQLi Vulnerability  
  
DEMO URL:  
  
http://208.106.239.21/pages/contact_list_mail_form.asp?ContactID=[sqli]  
  
# 0day n0 m0re #  
# L0rd CrusAd3r #  
  
--   
With R3gards,  
L0rd CrusAd3r  
  
  
  
`