[VIM] Source VERIFY of SMe FileMailer 1.21 SQL injection

Steven M. Christey coley at mitre.org
Wed Jan 17 18:54:08 EST 2007


Researcher: CorryL

Ref: BUGTRAQ:20070116 [x0n3-h4ck] SmE FileMailer 1.21 Remote Sql
   http://www.securityfocus.com/archive/1/archive/1/457071/100/0/threaded

Product url: http://www.scriptme.com/down/13

The 'ps' parameter is listed.

from the index.php:

    if(isset($_POST['s1'])){
    	$q1 = "select * from sme_members  where name = '$_POST[us]' and password = '$_POST[ps]'";
    	$r1 = mysql_query($q1) or die(mysql_error());


Obviously the 'us' parameter looks vulnerable too.

- Steve


More information about the VIM mailing list