CVE-2007-6138

VU Mass Mailer - SQL Injection via Login Page Password Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2007-6138. PoCs published by Aria-Security Team.

AI-analyzed exploit summary This exploit demonstrates an SQL injection vulnerability in Mass Mailer's login page (Default.asp). By injecting a malformed password, an attacker can bypass authentication due to insufficient input sanitization.

Description

SQL injection vulnerability in redir.asp in VU Mass Mailer allows remote attackers to execute arbitrary SQL commands via the password parameter to Default.asp (aka the Login Page). NOTE: some of these details are obtained from third party information.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Aria-Security Team · textwebappsasp

https://www.exploit-db.com/exploits/30793

View Code ZIP pw:eip

This exploit demonstrates an SQL injection vulnerability in Mass Mailer's login page (Default.asp). By injecting a malformed password, an attacker can bypass authentication due to insufficient input sanitization.

Classification

Working Poc 90%

Attack Type

Sqli

Complexity

Trivial

Reliability

Reliable

Target: Mass Mailer (version unspecified)

No auth needed

Prerequisites: Access to the login page of Mass Mailer

MITRE ATT&CK