Exploit Database - Logo

ActiveCampaign 1-2-All Broadcast Email 4.0 - Admin Control Panel 'Username' SQL Injection

EDB-ID: 26501 Author: bhs_team Published: 2005-11-12
CVE: CVE-2005-3679 Type: Webapps Platform: PHP
Aliases: N/A Advisory/Source: Link Tags: Vulnerability
E-DB Verified: Verified Exploit: Download Exploit Code Download / View Raw Vulnerable App: N/A
« Previous Exploit Next Exploit » 
source: http://www.securityfocus.com/bid/15400/info

ActiveCampaign 1-2-All Broadcast Email is prone to an SQL-injection vulnerability. This is an input-validation issue related to data that will be used in SQL queries, allowing a remote user to influence the structure and logic of a query.

Successful attacks could compromise the software. Depending on the database implementation and the nature of the affected query, the attacker may be able to gain unauthorized access to the database. 

http://www.example.com/[12allTarget]/admin/index.php

Username: ' or 1=1 /*
Password: (Nothing)(Blank)

Related Exploits

Trying to match CVEs (1): CVE-2005-3679
Trying to match OSVDBs (1): 20949
Other Possible E-DB Search Terms: ActiveCampaign 1-2-All Broadcast Email 4.0,  ActiveCampaign
Date D V Title Author
2006-09-14Download Exploit Code Verified ActiveCampaign KnowledgeBuilder 2.2 - Remote File Inclusionigi
2006-03-27Download Exploit Code Verified ActiveCampaign SupportTrio 2.50.2 - Multiple Cross-Site Scripting Vulnerabilitiesr0t
Menu