Online Notebook Manager SQL Injection Vulnerability
Posted on 09 June 2010
<!DOCTYPE HTML PUBLIC '-//W3C//DTD HTML 4.01 Transitional//EN'><html><head><meta http-equiv='Content-Type' content='text/html; charset=windows-1251'><title>Online Notebook Manager SQL Injection Vulnerability</title><link rel='shortcut icon' href='/favicon.ico' type='image/x-icon'><link rel='alternate' type='application/rss+xml' title='Inj3ct0r RSS' href='/rss'></head><body><pre>
===================================================
Online Notebook Manager SQL Injection Vulnerability
===================================================

Author: L0rd CrusAd3r aka VSN [crusader_hmg@yahoo.com]
Exploit Title: Online Notebook Manager SQLi Vulnerability
Version: 1.0
Price: $149.97
Vendor url: http://dmxready.com/?product=online-notebook-manager
Published: 2010-06-09
Greetz to: Sid3^effects, MaYur, M4n0j, Dark Blue, S1ayer, d3c0d3r and to all ICW members

###################################################

Description:

DMXReady Online Notebook Manager is an easy-to-use application that helps you create, edit, and manage your online documents. Use as a fast web publisher, build a mini-website, or keep it as your own private online journal.

 1. Use with any standard web browser like Internet Explorer, Firefox, Safari
 2. Structure your notebook as an online document or mini-website
 3. Publish your information quickly and easily - no need for IT
 4. Navigate easily with built-in Navigation Bar/Table of Contents
 5. Skin with ANY template using Dreamweaver or any other HTML editor
 6. Enhance your content by embedding Web 2.0 apps like Google Docs and YouTube Videos
 7. Use as a stand-alone, or integrate with your current website
 8. Easily find content with built-in keyword search
 9. Secure admin pages - built-in login with lost password feature
10. W3C Valid CSS and XHTML markup
11. MySQL, MSSQL compatible
12. Create multiple notebooks with just one installation!

Creating your own online content does not get any easier. DMXReady Online Notebook Manager offers all the flexibility and functionality you need to collect, store, and publish your information.

###################################################

Vulnerability:

*SQLi Vulnerability

Admin Control:
Username: admin
Password: admin

DEMO URL:
http://demo.dmxready.com/onlinenotebookmanager.asp?ItemID=[sqli]

# 0day n0 m0re #

# <a href='http://inj3ct0r.com/'>Inj3ct0r.com</a> [2010-06-09]</pre></body></html>
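Added example, not part of the original advisory or the vendor's code: a defender-side check that scans web access logs for requests to `onlinenotebookmanager.asp` whose `ItemID` value is not a plain integer, since `ItemID` is the parameter the advisory marks as injectable. The log lines are constructed samples in Common Log Format, and treating legitimate `ItemID` values as decimal integers of at most 10 digits is an assumption.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote_plus

TARGET_PAGE = "onlinenotebookmanager.asp"  # page named in the advisory
PARAM = "itemid"                           # parameter named in the advisory, compared case-insensitively
INT_RE = re.compile(r"\d{1,10}")           # assumption: valid ItemID values are short decimal integers
REQUEST_RE = re.compile(r'"[A-Z]+ (?P<target>\S+) HTTP/[\d.]+"')

# Constructed sample lines (Common Log Format), not real traffic.
SAMPLE_LOG = """\
192.0.2.10 - - [09/Jun/2010:10:00:01 +0000] "GET /onlinenotebookmanager.asp?ItemID=12 HTTP/1.1" 200 5120
192.0.2.44 - - [09/Jun/2010:10:00:07 +0000] "GET /onlinenotebookmanager.asp?ItemID=12%27 HTTP/1.1" 500 310
192.0.2.44 - - [09/Jun/2010:10:00:09 +0000] "GET /OnlineNotebookManager.asp?itemid=12%2527 HTTP/1.1" 500 310
192.0.2.10 - - [09/Jun/2010:10:00:15 +0000] "GET /index.asp?ItemID=abc HTTP/1.1" 200 900
192.0.2.51 - - [09/Jun/2010:10:00:20 +0000] "GET /onlinenotebookmanager.asp?ItemID=7&ItemID=x HTTP/1.1" 200 5120
"""

def suspicious_item_ids(log_text):
    """Return (client_ip, decoded_value) for each non-integer ItemID sent to the target page."""
    hits = []
    for line in log_text.splitlines():
        m = REQUEST_RE.search(line)
        if not m:
            continue
        url = urlsplit(m.group("target"))
        if not url.path.lower().endswith("/" + TARGET_PAGE):
            continue
        client_ip = line.split(" ", 1)[0]
        # keep_blank_values so an empty "ItemID=" is inspected; repeated ItemID keys are all checked.
        for name, value in parse_qsl(url.query, keep_blank_values=True):
            if name.lower() != PARAM:
                continue
            # parse_qsl has decoded once; decode again to catch double-encoded values such as %2527.
            candidates = (value, unquote_plus(value))
            if not all(INT_RE.fullmatch(v) for v in candidates):
                hits.append((client_ip, value))
    return hits

if __name__ == "__main__":
    for ip, value in suspicious_item_ids(SAMPLE_LOG):
        print(f"{ip} sent non-integer ItemID: {value!r}")
```

The same integer-only rule belongs in the application itself, with the value bound as a typed query parameter instead of being concatenated into the SQL string.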