header-logo
Suggest Exploit
vendor:
News Manager
by:
Bellatrix
7.5
CVSS
HIGH
SQL Injection
89
CWE
Product Name: News Manager
Affected Version From: v1.2
Affected Version To: v1.2
Patch Exists: NO
Related CWE: N/A
CPE: a:dmxready:news_manager:1.2
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Windows XP Sp3
2011

DmxReady News Manager v1.2 SQL Injection Vulnerability

A SQL injection vulnerability exists in DmxReady News Manager v1.2. An attacker can send a specially crafted HTTP request containing malicious SQL statements to the vulnerable application. This can allow the attacker to gain access to the application database and potentially compromise the application and the underlying system.

Mitigation:

Input validation should be used to prevent SQL injection attacks. All user-supplied input should be validated and filtered before being used in SQL queries.
Source

Exploit-DB raw data:

# Exploit Title: DmxReady News Manager v1.2 SQL Injection Vulnerability
# Google Dork: inurl:inc_newsmanager.asp
# Date: 03.07.2011
# Author: Bellatrix
# Software Link: http://www.dmxready.com/?product=news-manager
# Version: v1.2
#Language: ASP
# Price : $99.97
# Tested on: Windows XP Sp3
# Greetz : VoLqaN , Toprak and All Cyber-Warrior TIM members....

-------------------------------------------------------------------------------------------------
Bug ;

http://target/path/admin/NewsManager/update.asp?ItemID=[SQL ATTACK]

Navigation

Suggest Exploit

Services By CQR