Google Search: “powered by mailgust”
rgod rates this entry 10 out of 10.
Submitted: 2005-09-26 00:00:00
Added by: rgod
MailGust 1.9/2.0 (possibly prior versions) SQL injection / board takevorsoftware:site: http://www.mailgust.org/description:Mailgust is three softwares in one: * Mailing list manager * Newsletter distribution tool * Message Board Mailgust is written in php and uses a mysql database. vulnerability:if magic quotes off -> SQL Injectionwithout to have an account, a user can send himself a new admin password usingpassword reminder, in email field type:[yuor_email],’or’a'=’firstname.lastname@example.org a look to what happen:220 [MAILSERVER] SMTP Service readyHELO [MAILGUST]250 [MAILSERVER].MAIL FROM: