35 lines
No EOL
1.5 KiB
Text
35 lines
No EOL
1.5 KiB
Text
Author: L0rd CrusAd3r aka VSN [crusader_hmg@yahoo.com]
|
|
Exploit Title: Diggersolutions Newsletter SQL injection Vulnerability
|
|
Version:2.7.1
|
|
Vendor url:http://diggersolutions.com
|
|
Published: 2010-11-02
|
|
Thanx to:r0073r (inj3ct0r.com), Sid3^effects, MaYur, MA1201, Sonic, M4n0j,SeeMe, gunslinger, Th3 RDX.
|
|
Greetz to : Inj3ct0r Exploit DataBase (inj3ct0r.com)
|
|
Special Greetz: Topsecure.net,0xr00t.com,Andhrahackers.com
|
|
Shoutzz:- To all ICW & Inj3ct0r members.
|
|
.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~..~.~.~.~.~~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.
|
|
Description:
|
|
|
|
Newsletter Open Source is an ASP-based online newsletter application.
|
|
Includes Admin Pak, a former commercial add-on for the application.
|
|
Commercial Rich Text Editor has been stripped from the Admin Pak..
|
|
?
|
|
.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~..~.~.~.~.~~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.
|
|
Vulnerability:
|
|
|
|
*SQL injection Vulnerability*
|
|
|
|
|
|
DEMO URL :
|
|
|
|
http://server/article.asp?qid=[SQLi]
|
|
|
|
.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~..~.~.~.~.~~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.
|
|
.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~..~.~.~.~.~~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.
|
|
# 0day n0 m0re #
|
|
.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~..~.~.~.~.~~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.
|
|
.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~..~.~.~.~.~~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.
|
|
|
|
--
|
|
With R3gards,
|
|
L0rd CrusAd3r |