Esoftpro Online Contact Manager – Multiple Vulnerabilities

  • Author: L0rd CrusAd3r
    Date: 2010-07-04
  • Category:
    Platform:
  • Source: https://www.exploit-db.com/exploits/14206/
  • Exploit Title: Esoftpro Online Contact Manager Multiple Vulnerability
    Vendor url: http://www.esoftpro.com/
    Version: 3
    Author: L0rd CrusAd3r aka VSN [crusader_hmg@yahoo.com]
    Published: 2010-07-4
    Greetz to: r0073r (inj3ct0r.com), Sid3^effects, MaYur, MA1201, Sonic Bluehat,
    Sai, KD, M4n0j.
    Special Greetz: Topsecure.net, inj3ct0r Team, Andhrahackers.com
    Shoutzz:- To all ICW members.
    ~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~
    Description:
    
    Online Contact Manager (formerly known as EContact PRO) is an ultimate
    online database system that allows you to store and retrieve contact
    information anywhere - anytime! You'll also be able to easily send emails to
    contacts with the built-in email client. Online Contact Manager features
    Sorting, Mass Emails, Group Support, MS Outlook Synchronization, Birthday
    Reminder, Data Export (CSV/TAB/HTML), Preference Control, Full Data
    Manipulation Interfaces, 30+ Customizable Fields and much more. There is
    also a specially designed PDA interface that allows you to use Online Contact
    Manager through your PDA/Cell.
    
    With Online Contact Manager :-
    
    * Your company can store, share and retrieve all employees info in one
    centralized database
    * You can retrieve clients information while you are not in office
    * You will remember all your friends' birthdays
    * Your organization or community members can retrieve other members'
    information.
    * You can send emails to your friends no matter what computer you are
    using.
    * You can export data into CSV (for opening with MS Excel), HTML (for
    publishing as web pages) and TXT (for importing to all kinds of databases)
    for other applications like Outlook Express, MS Excel and FileMaker etc.
    * You can send emails to All Contacts or to a Particular Group of
    Contacts with One Mouse Click. (Emails will be sent out separately for each
    recipient by the system automatically)
    
    ~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~
    
    Vulnerability:
    
    *SQL Vulnerability
    
    DEMO URL:
    
    http://server/OCM/view.php?id=[sqli]
    
    *XSS Vulnerability
    
    DEMO URL :
    
    http://server/OCM/view.php?id=[xss]
    
    *HTML Injection
    
    DEMO URL:
    
    http://server/OCM/view.php?id=[html]
    
    # 0day n0 m0re #
    # L0rd CrusAd3r #
    
    
    -- 
    With R3gards,
    L0rd CrusAd3r
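
All three findings above go through the same `id` parameter of `view.php`, so one access-log check covers them: flag any request to that script whose `id` is not a plain integer. The following is an added example, not part of the original advisory or the vendor's code; the log format (Apache combined style), the sample lines, the function names, and the assumption that legitimate record ids are integers are all hypothetical.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample access-log lines (documentation IP ranges); not real traffic.
SAMPLE_LOG = """\
192.0.2.10 - - [04/Jul/2010:10:00:01 +0000] "GET /OCM/view.php?id=12 HTTP/1.1" 200 5120
192.0.2.11 - - [04/Jul/2010:10:00:05 +0000] "GET /OCM/view.php?id=12%27 HTTP/1.1" 200 310
192.0.2.11 - - [04/Jul/2010:10:00:09 +0000] "GET /OCM/view.php?id=%3Cb%3Etest%3C%2Fb%3E HTTP/1.1" 200 4980
192.0.2.12 - - [04/Jul/2010:10:00:12 +0000] "GET /OCM/index.php?page=2 HTTP/1.1" 200 2048
192.0.2.13 - - [04/Jul/2010:10:00:15 +0000] "GET /OCM/view.php?id=7&id=abc HTTP/1.1" 200 4100
192.0.2.14 - - [04/Jul/2010:10:00:20 +0000] "GET /OCM/view.php HTTP/1.1" 200 900
"""

# Captures: client address, method, request target, status code.
REQUEST_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3}) ')
# Assumption: a legitimate record id is a short run of decimal digits.
ID_OK = re.compile(r"[0-9]{1,10}")

def suspicious_id_requests(log_text, script="view.php", param="id"):
    """Return (line number, client, decoded values) for non-integer or repeated ids."""
    findings = []
    for lineno, line in enumerate(log_text.splitlines(), 1):
        m = REQUEST_RE.match(line)
        if not m:
            continue  # not a parseable request line
        client, _method, target, _status = m.groups()
        url = urlsplit(target)
        if not url.path.lower().endswith("/" + script):
            continue  # some other script
        # parse_qs percent-decodes, so encoded quotes and tags are compared decoded.
        values = parse_qs(url.query, keep_blank_values=True).get(param, [])
        bad = [v for v in values if not ID_OK.fullmatch(v)]
        if bad or len(values) > 1:  # a repeated parameter is also worth a look
            findings.append((lineno, client, values))
    return findings

def by_client(findings):
    """Count flagged requests per client address for triage."""
    counts = {}
    for _lineno, client, _values in findings:
        counts[client] = counts.get(client, 0) + 1
    return counts

if __name__ == "__main__":
    for finding in suspicious_id_requests(SAMPLE_LOG):
        print(finding)
    print(by_client(suspicious_id_requests(SAMPLE_LOG)))
```

The same integer-only rule is the server-side mitigation for all three issues; access logs only show the query string, so values sent in a POST body need application-level logging to be seen.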