[VIM] Source VERIFY of SMe FileMailer 1.21 SQL injection
Steven M. Christey
coley at mitre.org
Wed Jan 17 18:54:08 EST 2007
Researcher: CorryL
Ref: BUGTRAQ:20070116 [x0n3-h4ck] SmE FileMailer 1.21 Remote Sql
http://www.securityfocus.com/archive/1/archive/1/457071/100/0/threaded
Product url: http://www.scriptme.com/down/13
The 'ps' parameter is listed.
from the index.php:
if(isset($_POST['s1'])){
$q1 = "select * from sme_members where name = '$_POST[us]' and password = '$_POST[ps]'";
$r1 = mysql_query($q1) or die(mysql_error());
Obviously the 'us' parameter looks vulnerable too.
- Steve
More information about the VIM
mailing list