Exploit Title: Esoftpro Online Contact Manager Multiple Vulnerability
Vendor url:http://www.esoftpro.com/
Version:3
Author: L0rd CrusAd3r aka VSN [crusader_hmg@yahoo.com]
Published: 2010-07-4
Greetz to:r0073r (inj3ct0r.com), Sid3^effects, MaYur, MA1201, Sonic Bluehat,
Sai, KD, M4n0j.
Special Greetz: Topsecure.net, inj3ct0r Team ,Andhrahackers.com
Shoutzz:- To all ICW members.
~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~
Description:
Online Contact Manager (formerly known as EContact PRO) is an ultimate
online database system that allows you to store and retrieve contact
information anywhere - anytime! You'll also be able to easily send emails to
contacts with the built-in email client. Online Contact Manager features
Sorting, Mass Emails, Group Support, MS Outlook Synchronization, Birthday
Reminder, Data Export (CSV/TAB/HTML), Preference Control, Full Data
Manipulation Interfaces, 30+ Customizable Fields and much more. There is
also specially designed PDA interface allows you to use Online Contact
Manager through your PDA/Cell.
With Online Contact Manager :-
* Your company can store, share and retrieve all employees info in one
centralized database
* You can retrieve clients information while you are not in office
* You will remember all your friends' birthday
* Your organization or community members can retrieve other memebers'
information.
* You can send emails to your friends no matter what computer you are
using.
* You can export data into CSV (for opening with MS Excel), HTML (for
publishing as web pages) and TXT (for importing to all kinds of databases)
for other applications like Outlook Express, MS Excel and FileMaker etc.
* You can send emails to All Contacts or to a Particular Group of
Contacts with One Mouse Click. (Emails will be sent out separately for each
recipient by the system automatically)
~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~
Vulnerability:
*SQL Vulnerability
DEMO URL:
http://server/OCM/view.php?id=[sqli]
*XSS Vulnerability
DEMO URL :
http://server/OCM/view.php?id=[xss]
*HTML Injection
DEMO URL:
http://server/OCM/view.php?id=[html]
# 0day n0 m0re #
# L0rd CrusAd3r #
--
With R3gards,
L0rd CrusAd3r