Esoftpro Online Contact Manager Multiple Vulnerability

2010-07-04T00:00:00
ID 1337DAY-ID-13116
Type zdt
Reporter L0rd CrusAd3r
Modified 2010-07-04T00:00:00

Description

Exploit for php platform in category web applications

                                        
                                            ======================================================
Esoftpro Online Contact Manager Multiple Vulnerability
======================================================


1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0
0     _                   __           __       __                     1
1   /' \            __  /'__`\        /\ \__  /'__`\                   0
0  /\_, \    ___   /\_\/\_\ \ \    ___\ \ ,_\/\ \/\ \  _ ___           1
1  \/_/\ \ /' _ `\ \/\ \/_/_\_<_  /'___\ \ \/\ \ \ \ \/\`'__\          0
0     \ \ \/\ \/\ \ \ \ \/\ \ \ \/\ \__/\ \ \_\ \ \_\ \ \ \/           1
1      \ \_\ \_\ \_\_\ \ \ \____/\ \____\\ \__\\ \____/\ \_\           0
0       \/_/\/_/\/_/\ \_\ \/___/  \/____/ \/__/ \/___/  \/_/           1
1                  \ \____/ >> Exploit database separated by exploit   0
0                   \/___/          type (local, remote, DoS, etc.)    1
1                                                                      1
0  [+] Site            : Inj3ct0r.com                                  0
1  [+] Support e-mail  : submit[at]inj3ct0r.com                        1
0                                                                      0
1                ###########################################           1
0                I'm L0rd CrusAd3r member from Inj3ct0r Team           1
1                ###########################################           0
0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-1


Author: L0rd CrusAd3r aka VSN [[email protected]]
Exploit Title: Esoftpro Online Contact Manager Multiple Vulnerability
Vendor url:http://www.esoftpro.com/
Version:3
Published: 2010-07-4
Greetz to:r0073r (inj3ct0r.com), Sid3^effects, MaYur, MA1201, Sonic Bluehat, Sai, KD, M4n0j.
Special Greetz: Topsecure.net, inj3ct0r Team ,Andhrahackers.com
Shoutzz:- To all ICW members.
~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~
Description:

Online Contact Manager (formerly known as EContact PRO) is an ultimate online database system that allows you to store and retrieve contact information anywhere - anytime! You'll also be able to easily send emails to contacts with the built-in email client. Online Contact Manager features Sorting, Mass Emails, Group Support, MS Outlook Synchronization, Birthday Reminder, Data Export (CSV/TAB/HTML), Preference Control, Full Data Manipulation Interfaces, 30+ Customizable Fields and much more. There is also specially designed PDA interface allows you to use Online Contact Manager through your PDA/Cell.

With Online Contact Manager :-

??? * Your company can store, share and retrieve all employees info in one centralized database
??? * You can retrieve clients information while you are not in office
??? * You will remember all your friends' birthday
??? * Your organization or community members can retrieve other memebers' information.
??? * You can send emails to your friends no matter what computer you are using.
??? * You can export data into CSV (for opening with MS Excel), HTML (for publishing as web pages) and TXT (for importing to all kinds of databases) for? other applications like Outlook Express, MS Excel and FileMaker etc.
??? * You can send emails to All Contacts or to a Particular Group of Contacts with One Mouse Click. (Emails will be sent out separately for each recipient by the system automatically)

~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~

Vulnerability:

*SQL Vulnerability

DEMO URL:

http://www.esoftpro.com/demo/OCM/view.php?id=[sqli]

*XSS Vulnerability

DEMO URL :

http://www.esoftpro.com/demo/OCM/view.php?id=[xss]

*HTML Injection

DEMO URL:

http://www.esoftpro.com/demo/OCM/view.php?id=[html]

# 0day n0 m0re #
# L0rd CrusAd3r #



#  0day.today [2018-04-10]  #