This writeup describes an authentication bypass and XSS vulnerability in Omnistar Mailer. The auth bypass uses a classic SQL injection payload, while the XSS is a simple reflected attack via a script tag.
Classification
Writeup 90%
Attack Type
SQLi | XSS | Auth Bypass
Complexity
Trivial
Reliability
Reliable
Target: Omnistar Mailer (version unspecified)
No auth needed
Prerequisites: Access to the login page · Ability to inject payloads into input fields