[VIM] Source VERIFY of SMe FileMailer 1.21 SQL injection

Steven M. Christey coley at mitre.org
Wed Jan 17 18:54:08 EST 2007

Researcher: CorryL

Ref: BUGTRAQ:20070116 [x0n3-h4ck] SmE FileMailer 1.21 Remote Sql

Product url: http://www.scriptme.com/down/13

The 'ps' parameter is listed.

from the index.php:

    	// $_POST['us'] and $_POST['ps'] are interpolated into the SQL string with no escaping or parameter binding
    	$q1 = "select * from sme_members  where name = '$_POST[us]' and password = '$_POST[ps]'";
    	$r1 = mysql_query($q1) or die(mysql_error());

Obviously the 'us' parameter looks vulnerable too.

- Steve
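Added example (not part of the original VIM post, and not code from SMe FileMailer): the login query from index.php rebuilt in Python against an in-memory SQLite table so the injection through either parameter can be reproduced offline, next to a parameterized version of the same query. The sme_members column names and the test row are constructed assumptions; SQLite stands in for MySQL, and the `--` comment payload behaves the same in both.

```python
import sqlite3


def make_db():
    """Constructed stand-in for the sme_members table (column names assumed)."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "create table sme_members (id integer primary key, name text, password text)"
    )
    conn.execute("insert into sme_members (name, password) values ('admin', 's3cret')")
    conn.commit()
    return conn


def build_vulnerable_query(us, ps):
    """Same string construction as index.php: POST values dropped straight into the SQL."""
    return f"select * from sme_members  where name = '{us}' and password = '{ps}'"


def login_vulnerable(conn, us, ps):
    """Mirrors the original $q1 / mysql_query() pair; returns True if any row matches."""
    return conn.execute(build_vulnerable_query(us, ps)).fetchone() is not None


def login_safe(conn, us, ps):
    """Hardened form: placeholders, values bound separately, never part of the SQL text."""
    q1 = "select * from sme_members where name = ? and password = ?"
    return conn.execute(q1, (us, ps)).fetchone() is not None


def demo():
    conn = make_db()
    # '' or '1'='1 through 'ps' turns the WHERE clause into (... and password='') or '1'='1'
    ps_payload = "' or '1'='1"
    # admin' -- through 'us' closes the string and comments out the password check entirely
    us_payload = "admin' -- "
    return {
        "vuln_valid": login_vulnerable(conn, "admin", "s3cret"),
        "vuln_wrong": login_vulnerable(conn, "admin", "wrong"),
        "vuln_ps_inject": login_vulnerable(conn, "admin", ps_payload),
        "vuln_us_inject": login_vulnerable(conn, us_payload, "anything"),
        "safe_valid": login_safe(conn, "admin", "s3cret"),
        "safe_ps_inject": login_safe(conn, "admin", ps_payload),
        "safe_us_inject": login_safe(conn, us_payload, "anything"),
    }


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: {'authenticated' if ok else 'rejected'}")
    print(build_vulnerable_query("admin' -- ", "anything"))
```

Both payloads authenticate against the interpolated query and are rejected by the bound one, which is the point of the note that 'us' is exposed exactly as 'ps' is: any value spliced into the string is attack surface, regardless of which field it arrives in.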
