News Events 1.4 SQL Injection

2011-02-15T00:00:00
ID PACKETSTORM:98488
Type packetstorm
Reporter ThunDEr HeaD
Modified 2011-02-15T00:00:00

Description

                                        
                                            `#########################################################################  
  
[+] Exploit Title : Content Management newsevents 1.4 [ Sql Injection Vunerability ]  
[~] Author : ThunDEr HeaD  
[~] Contact : thunderhead10@gmail.com  
[~] Date : 15-02-2011  
[~] HomePage : www.indishell.in  
[~] Dork : action=newsevents&newsid=  
[~] Version : 1.4  
[~] Tested on : Eduys  
[~] Vulnerability Style : Content Management newsevents [ Sql Injection Vunerability ]  
  
#########################################################################  
  
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=  
Greetz T0: -[SiLeNtp0is0n]-, stRaNgEr(lucky), inX_rOot, NEO H4cK3R, DarkL00k, Th3 RDX, G00g!3 W@rr!0r,  
eXeSoul, str1k3r, co0Lt04d , ATUL DWIVEDI , Jackh4xor  
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=  
  
  
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=  
......\m/ INDIAN CYBER ARMY \m/......  
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=  
  
  
  
Vulnerability :-  
  
~ SQL injection Vulnerability ~  
  
  
[#] http://targetsite/index.php?action=newsevents&newsid=11  
  
[#] http://targetsite/index.php?action=newsevents&newsid=[SQLi code]  
  
  
  
  
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=  
  
  
=> c0d3 for motherland, h4ck for motherland  
  
  
  
Enj0y! :D  
  
  
[#] DOne now time to rock \m/  
  
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~  
  
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=  
Bug discovered : 15 feb 2011  
  
finish(0);  
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=  
  
#End 0Day#  
`